E-resources
Peer reviewed
-
Pereira-Vale, Anelis; Fernandez, Eduardo B.; Monge, Raúl; Astudillo, Hernán; Márquez, Gastón
Computers & security, April 2021, 2021-04-00, 20210401, Volume: 103Journal Article
Microservices define an architectural style that conceives systems as a suite of modular, independent and scalable services. While application design is now simpler, designing secure applications is in general harder than for monolithic applications and the current literature offers little orientation to architects and developers regarding solutions. This article describes the design and results of a multivocal literature review of the security solutions that have been proposed for microservice-based systems. The study yielded 370 academic articles and 620 grey literature; duplicates removal and the application of exclusion criteria left 36 from the academic literature and 34 from the grey literature. The security solution(s) proposed in each article were classified into variations of standard security mechanisms (e.g., Access Control) and scopes (Info Management, Threat Modeling, etc), and were associated to security contexts (detect, mitigate/stop, react, recover from attack). Our research questions addressed frequency of publications, research methodologies, security mechanisms, and security contexts. Key findings were that (1) both kinds of literature differ in their preferred empirical research strategies (examples, experiments and case studies); (2) The solutions proposed in the 70 selected articles correspond to 15 classifications of security mechanisms and analyses; (3) the most mentioned security mechanisms are Authentication and Authorization; (4) around 2/3 of solutions focused on Mitigate/Stop attacks, but none on reacting and recovering from them, and (5) the methodologies used are mostly block diagrams and code, with little use of models or analysis. These findings hold for both grey and academic literature. This study is a first step towards providing secure software researchers and practitioners a comprehensive catalog of security solutions and mechanisms, and where the clear identification of the most used security solutions will simplify their reuse to address security problems while designing microservice-based systems.
![loading ... loading ...](themes/default/img/ajax-loading.gif)
Shelf entry
Permalink
- URL:
Impact factor
Access to the JCR database is permitted only to users from Slovenia. Your current IP address is not on the list of IP addresses with access permission, and authentication with the relevant AAI accout is required.
Year | Impact factor | Edition | Category | Classification | ||||
---|---|---|---|---|---|---|---|---|
JCR | SNIP | JCR | SNIP | JCR | SNIP | JCR | SNIP |
Select the library membership card:
If the library membership card is not in the list,
add a new one.
DRS, in which the journal is indexed
Database name | Field | Year |
---|
Links to authors' personal bibliographies | Links to information on researchers in the SICRIS system |
---|
Source: Personal bibliographies
and: SICRIS
The material is available in full text. If you wish to order the material anyway, click the Continue button.