Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights

Amr Abdelfattah; Micah Schiewe; Jacob Curtis; Tomas Cerny; Eunjee Song

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights

Topics: Cloud Quality and Performance; Enterprise Architectures and Services; Microservices; Security, Privacy and Compliance Management; Services Security and Reliability

In Proceedings of the 13th International Conference on Cloud Computing and Services Science CLOSER - Volume 1, 15-23, 2023 , Prague, Czech Republic

Authors: Amr Abdelfattah ; Micah Schiewe ; Jacob Curtis ; Tomas Cerny and Eunjee Song

Affiliation: Computer Science, ECS, Baylor University, One Bear Place #97141, Waco, TX 76798-7356, U.S.A.

Keyword(s): Static Analysis, Microservices, Access Rights.

Abstract: Security policies are typically defined centrally for a particular system. However, the current mainstream architecture - microservices - introduces decentralization with self-contained interacting parts. This brings better evolution autonomy to individual microservices but introduces new challenges with consistency. The most basic security perspective is the setting of access rights; we typically enforce access rights at system endpoints. Given the self-contained and decentralized microservice nature, each microservice has to implement these policies individually. Considering that different development teams are involved in microservice development, likely the access rights are not consistently implemented across the system. Moreover, as the system evolves, it can quickly become cumbersome to identify a holistic view of the full set of access rights applied in the system. Various issues can emerge from inconsistent settings and potentially lead to security vulnerabilities and uninte nded bugs, such as incorrectly granting write or read access to system data. This paper presents an approach aiding a human-centered access right analysis of system endpoints in microservices. It identifies the system data that a particular endpoint accesses throughout its call paths and determines which operations are performed on these data across the call paths. In addition, it takes into account inter-service communication across microservices, which brings a great and novel instrument to practitioners who would otherwise need to perform a thorough code review of self-contained codebases to extract such information from the system. The presented approach has broad potential related to security analysis, further detailed in the paper. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 52.14.78.246

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Abdelfattah, A., Schiewe, M., Curtis, J., Cerny, T. and Song, E. (2023). Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights. In Proceedings of the 13th International Conference on Cloud Computing and Services Science - CLOSER; ISBN 978-989-758-650-7; ISSN 2184-5042, SciTePress, pages 15-23. DOI: 10.5220/0011707500003488

@conference{closer23,
author={Amr Abdelfattah and Micah Schiewe and Jacob Curtis and Tomas Cerny and Eunjee Song},
title={Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights},
booktitle={Proceedings of the 13th International Conference on Cloud Computing and Services Science - CLOSER},
year={2023},
pages={15-23},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011707500003488},
isbn={978-989-758-650-7},
issn={2184-5042},
}

TY - CONF

JO - Proceedings of the 13th International Conference on Cloud Computing and Services Science - CLOSER
TI - Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights
SN - 978-989-758-650-7
IS - 2184-5042
AU - Abdelfattah, A.
AU - Schiewe, M.
AU - Curtis, J.
AU - Cerny, T.
AU - Song, E.
PY - 2023
SP - 15
EP - 23
DO - 10.5220/0011707500003488
PB - SciTePress