TY - GEN
T1 - Should Microservice Security Smells Stay or be Refactored? Towards a Trade-off Analysis
AU - Ponce, Francisco
AU - Soldani, Jacopo
AU - Astudillo, Hernán
AU - Brogi, Antonio
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. Security smells, i.e. possible symptoms of (often unintentional) bad design decisions, can occur in microservice-based applications, resulting in violations of key security properties as well as design soundness (i.e. adherence to microservice design principles). However, it is non-trivial to decide in each case whether to apply a refactoring to mitigate the effects of a smell, or whether it is more convenient to keep the smell in the application (at least at that specific time), since its refactoring may impact both the application quality and design soundness. This paper argues for trade-off analysis to help determining whether to keep a security smell or to apply a refactoring, based on their positive/negative impacts on specific quality attributes and design soundness. The method enacts and supports this trade-off analysis using Softgoal Interdependency Graphs (SIGs), a visual formalism that provides a holistic view of the positive/negative impacts of, in our case, security smells and refactorings on software quality attributes and design soundness. We also illustrate our method with a detailed analysis of a well-known security smell and its possible refactoring. Further development and empirical validation of this method will allow to deploy automatic recommendations on trade-offs and appropriateness of possible refactorings of microservice applications.
AB - Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. Security smells, i.e. possible symptoms of (often unintentional) bad design decisions, can occur in microservice-based applications, resulting in violations of key security properties as well as design soundness (i.e. adherence to microservice design principles). However, it is non-trivial to decide in each case whether to apply a refactoring to mitigate the effects of a smell, or whether it is more convenient to keep the smell in the application (at least at that specific time), since its refactoring may impact both the application quality and design soundness. This paper argues for trade-off analysis to help determining whether to keep a security smell or to apply a refactoring, based on their positive/negative impacts on specific quality attributes and design soundness. The method enacts and supports this trade-off analysis using Softgoal Interdependency Graphs (SIGs), a visual formalism that provides a holistic view of the positive/negative impacts of, in our case, security smells and refactorings on software quality attributes and design soundness. We also illustrate our method with a detailed analysis of a well-known security smell and its possible refactoring. Further development and empirical validation of this method will allow to deploy automatic recommendations on trade-offs and appropriateness of possible refactorings of microservice applications.
KW - Security refactoring
KW - Security smells
KW - Soft-goal Interdependency Graphs
KW - Trade-off analysis
UR - http://www.scopus.com/inward/record.url?scp=85139055101&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-16697-6_9
DO - 10.1007/978-3-031-16697-6_9
M3 - Conference contribution
AN - SCOPUS:85139055101
SN - 9783031166969
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 131
EP - 139
BT - Software Architecture - 16th European Conference, ECSA 2022, Proceedings
A2 - Gerostathopoulos, Ilias
A2 - Lewis, Grace
A2 - Batista, Thais
A2 - Bureš, Tomáš
PB - Springer Science and Business Media Deutschland GmbH
T2 - 16th European Conference on Software Architecture, ECSA 2022
Y2 - 19 September 2022 through 23 September 2022
ER -