On automated RBAC assessment by constructing a centralized perspective for microservice mesh

Authors:

Das, Dipta (1); Walker, Andrew (1); Bushong, Vincent (1); Svacina, Jan (1); Cerny, Tomas (1); Matyas, Vashek (2)

Affiliations:

1. Department of Computer Science, Baylor University, Waco, TX, USA

2. Faculty of Informatics, Masaryk University, Brno, Czech Republic

Abstract

It is important in software development to enforce proper restrictions on protected services and resources. Typically, software services are accessed through REST API endpoints, where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack the unified view needed to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR that constructs a centralized perspective of a microservice mesh based on the services' REST communication pattern. We utilize the views generated by SAR to propose an automated way to find RBAC inconsistencies.

Funder

National Science Foundation

Red Hat Research

Publisher

PeerJ

Subject

General Computer Science


Cited by 7 articles.

1. From static code analysis to visual models of microservice architecture;Cluster Computing;2024-04-24

2. Software Architecture Reconstruction for Microservice Systems Using Static Analysis via GraalVM Native Image;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2024-03-12

3. Catalog and detection techniques of microservice anti-patterns and bad smells: A tertiary study;Journal of Systems and Software;2023-12

4. Roadmap to Reasoning in Microservice Systems: A Rapid Review;Applied Sciences;2023-01-31

5. Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights;Proceedings of the 13th International Conference on Cloud Computing and Services Science;2023
