
Software Development Activities for Secure Microservices

Conference paper: Computational Science and Its Applications – ICCSA 2019 (ICCSA 2019)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11623)

Abstract

Decomposing an application into a set of distributed, collaborating microservices according to microservices architecture principles increases the application’s attack surface. A preliminary risk analysis can provide an understanding of security threats from a hypothetical attacker’s point of view. The identified threats equip the software engineers of microservices compositions with knowledge of the assets most likely to be targeted, the most likely attack vectors, and the potential attacker’s profile. This knowledge helps ensure that microservices compositions are designed to avoid vulnerabilities and to withstand attack, and that the adverse consequences of an attack, should one occur, are minimized. To this end, this paper identifies security threats that could arise from flaws in the design of microservices compositions and the harm that may arise from misuse of a microservices composition by malicious users. The preliminary risk analysis leads to a list of security requirements that this research must meet in order to develop secure microservices compositions. The contribution of this review is a list of development activities for secure microservices.



Author information

Correspondence to Peter Nkomo or Marijke Coetzee.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Nkomo, P., Coetzee, M. (2019). Software Development Activities for Secure Microservices. In: Misra, S., et al. (eds.) Computational Science and Its Applications – ICCSA 2019. ICCSA 2019. Lecture Notes in Computer Science, vol 11623. Springer, Cham. https://doi.org/10.1007/978-3-030-24308-1_46


  • DOI: https://doi.org/10.1007/978-3-030-24308-1_46

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24307-4

  • Online ISBN: 978-3-030-24308-1
