Quote
Wizenty, Philip et al. 2023. Towards Resolving Security Smells in Microservices, Model-Driven. Proceedings of the 18th International Conference on Software Technologies ICSOFT - Volume 1, 15-26.
Content
Resolving security issues in microservice applications is crucial, as many IT companies rely on microservices to deliver their core businesses.
Security smells denote possible symptoms of such security issues.
However, detecting security smells and reasoning on how to resolve them through refactoring is complex and costly, mainly because of the intrinsic complexity of microservice architectures.
This paper presents the first idea towards supporting a model-driven resolution of microservices' security smell.
The proposed method relies on LEMMA to model microservice applications by suitably extending LEMMA itself to enable the modeling of microservices' security aspects.
The proposed method then enables processing LEMMA models to automatically detect security smells in modeled microservice applications and recommend the refactorings known to resolve the identified security smells.
To assess the feasibility of the proposed method, this paper also introduces a proof-of-concept implementation of the proposed LEMMA-based, automated microservices' security smell detection and refactoring.