TY - JOUR
T1 - Beyond Security
T2 - Understanding the Multiple Impacts of Security Smells for Microservices
AU - Ponce, Francisco
AU - Soldani, Jacopo
AU - Taramasco, Carla
AU - Brogi, Antonio
AU - Astudillo, Hernán
N1 - Publisher Copyright:
© 2024 Latin American Center for Informatics Studies. All rights reserved.
PY - 2024/7
Y1 - 2024/7
N2 - Microservice-based applications enable building cloud-native applications, namely applications that can fully exploit the benefits of cloud computing. Along with their benefits, microservices come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells – and of the refactorings known to mitigate their effects – beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).
KW - maintainability
KW - microservices
KW - performance efficiency
KW - refactoring
KW - security smells
UR - http://www.scopus.com/inward/record.url?scp=85200605986&partnerID=8YFLogxK
U2 - 10.19153/cleiej.27.2.6
DO - 10.19153/cleiej.27.2.6
M3 - Article
AN - SCOPUS:85200605986
SN - 0717-5000
VL - 27
JO - CLEI Electronic Journal (CLEIej)
JF - CLEI Electronic Journal (CLEIej)
IS - 2
ER -