Automatic Detection of Security Deficiencies and Refactoring Advises for Microservices
Ericsson AB, Sweden.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. Ericsson AB, Sweden. ORCID iD: 0000-0002-7220-9570
2023 (English). In: Proceedings - 2023 IEEE/ACM International Conference on Software and System Processes, ICSSP 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 25-34. Conference paper, Published paper (Refereed)
Abstract [en]

The microservice architecture enables organizations to shorten development cycles and deliver cloud-native applications rapidly. However, it also brings security concerns that need to be addressed by developers. Therefore, security testing in microservices becomes even more critical. Recent research papers indicate that security testing of microservices is often neglected for reasons such as lack of time, lack of experience in the security domain, and absence of automated test environments. Even though several security scanning tools exist to detect container, containerized workload management (Kubernetes), and network issues, none of them individually is sufficient to cover all security problems in microservices. Using multiple scanning tools increases the complexity of analyzing findings and mitigating security vulnerabilities. This paper presents a fully automated test tool suite that can help developers identify security issues in microservices and resolve them. It aims to reduce the time and effort spent on security activities by encapsulating open-source scanning tools into one suite and providing improved feedback. The developed security scanning suite is named Pomegranate. To develop Pomegranate, we employed Design Science and conducted our investigation at Ericsson. We have evaluated our tool using a static approach. The evaluation results indicate that Pomegranate could be helpful to developers by providing simplified and classified outputs for security vulnerabilities in microservices. More than half of the practitioners who gave us feedback found Pomegranate helpful in detecting and mitigating security problems in microservices. We conclude that a fully automated test tool suite can help developers address most security issues in microservices. Based on the findings in this paper, the direction for future work is to conduct a dynamic validation of Pomegranate in a live project. © 2023 IEEE.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023. p. 25-34
Keywords [en]
Kubernetes, Microservices, Security, Security Scanning Tools, Automation, Fully automated, Microservice, Scanning tool, Security problems, Security scanning, Security scanning tool, Security testing, Security vulnerabilities, Containers
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-25262
DOI: 10.1109/ICSSP59042.2023.00013
ISI: 001032744000003
Scopus ID: 2-s2.0-85166196449
ISBN: 9798350311969 (print)
OAI: oai:DiVA.org:bth-25262
DiVA id: diva2:1787087
Conference
17th IEEE/ACM International Conference on Software and System Processes, ICSSP 2023, Melbourne, 14 May through 15 May 2023
Available from: 2023-08-11. Created: 2023-08-11. Last updated: 2023-08-31. Bibliographically approved.

Open Access in DiVA

fulltext (841 kB), 83 downloads
File information
File name: FULLTEXT01.pdf
File size: 841 kB
Checksum SHA-512: 0d5db5674cab91275674f0e7857ee59d999b4624f7b2b9a20a83c0da93028cb7002f75c5cea4b578939f3f0ad860b05df140e3479fbc3a0e74c32f4883e485d1
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text; Scopus

Authority records

Britto, Ricardo
