
Title: Smells and Refactorings for Microservices Security: A Multivocal Literature Review

Abstract: Context: Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. If security smells affect microservice-based applications, those applications can suffer from security leaks and need to be refactored to mitigate the effects of the smells. Objective: As the currently available knowledge on securing microservices is scattered across different pieces of white and grey literature, our objective here is to distill well-known smells for securing microservices, together with the refactorings that make it possible to mitigate the effects of such smells. Method: To capture the state of the art and practice in securing microservices, we conducted a multivocal review of the existing white and grey literature on the topic. We systematically analyzed 58 studies published from 2014 until the end of 2020. Results: Ten bad smells for securing microservices are identified, which we organized in a taxonomy, associating each smell with the security properties it may violate and the refactorings that make it possible to mitigate its effects. Conclusions: The security smells and the corresponding refactorings have pragmatic value for practitioners, who can exploit them in their daily work on securing microservices. They also serve as a starting point for researchers wishing to establish new research directions on securing microservices.
Subjects: Software Engineering (cs.SE); Cryptography and Security (cs.CR)
Cite as: arXiv:2104.13303 [cs.SE]
  (or arXiv:2104.13303v1 [cs.SE] for this version)

Submission history

From: Jacopo Soldani
[v1] Tue, 27 Apr 2021 16:24:09 GMT (596kb,D)
