Model-Driven Security Smell Resolution in Microservice Architecture Using LEMMA

Philip Wizenty, Francisco Ponce, Florian Rademacher, Jacopo Soldani, Hernán Astudillo, Antonio Brogi, Sabine Sachweh

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Effective security measures are crucial for modern Microservice Architecture (MSA)-based applications as many IT companies rely on microservices to deliver their business functionalities. Security smells may indicate possible security issues. However, detecting security smells and devising strategies to resolve them through refactoring is difficult and expensive, primarily due to the inherent complexity of microservice architectures. This paper proposes a Model-driven approach to resolving security smells in MSA. The proposed method uses LEMMA as a concrete approach to model microservice applications. We extend LEMMA’s functionalities to enable the modeling of microservices’ security aspects. With the proposed method, LEMMA models can be processed to automatically detect security smells and recommend the refactorings that resolve the identified security smells. To test the effectiveness of the proposed method, the paper introduces a proof-of-concept implementation of the proposed LEMMA-based, automated microservices’ security smell detection and refactoring.

Original languageEnglish
Title of host publicationSoftware Technologies - 18th International Conference, ICSOFT 2023, Revised Selected Papers
EditorsHans-Georg Fill, Francisco José Domínguez Mayo, Marten van Sinderen, Leszek A. Maciaszek
PublisherSpringer Science and Business Media Deutschland GmbH
Pages29-49
Number of pages21
ISBN (Print)9783031617522
DOIs
Publication statusPublished - 2024
Event18th International Conference on Software Technologies, ICSOFT 2023 - Rome, Italy
Duration: 10 Jul 202312 Jul 2023

Publication series

NameCommunications in Computer and Information Science
Volume2104 CCIS
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937

Conference

Conference18th International Conference on Software Technologies, ICSOFT 2023
Country/TerritoryItaly
CityRome
Period10/07/2312/07/23

Keywords

  • Bad smells
  • Microservice architecture
  • Model-driven engineering
  • Security

ASJC Scopus subject areas

  • General Computer Science
  • General Mathematics

Fingerprint

Dive into the research topics of 'Model-Driven Security Smell Resolution in Microservice Architecture Using LEMMA'. Together they form a unique fingerprint.

Cite this