Should Microservice Security Smells Stay or be Refactored? Towards a Trade-off Analysis

Francisco Ponce, Jacopo Soldani, Hernán Astudillo, Antonio Brogi

Producción científica: Contribución a los tipos de informe/libroContribución a la conferenciarevisión exhaustiva

4 Citas (Scopus)

Resumen

Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. Security smells, i.e. possible symptoms of (often unintentional) bad design decisions, can occur in microservice-based applications, resulting in violations of key security properties as well as design soundness (i.e. adherence to microservice design principles). However, it is non-trivial to decide in each case whether to apply a refactoring to mitigate the effects of a smell, or whether it is more convenient to keep the smell in the application (at least at that specific time), since its refactoring may impact both the application quality and design soundness. This paper argues for trade-off analysis to help determining whether to keep a security smell or to apply a refactoring, based on their positive/negative impacts on specific quality attributes and design soundness. The method enacts and supports this trade-off analysis using Softgoal Interdependency Graphs (SIGs), a visual formalism that provides a holistic view of the positive/negative impacts of, in our case, security smells and refactorings on software quality attributes and design soundness. We also illustrate our method with a detailed analysis of a well-known security smell and its possible refactoring. Further development and empirical validation of this method will allow to deploy automatic recommendations on trade-offs and appropriateness of possible refactorings of microservice applications.

Idioma originalInglés
Título de la publicación alojadaSoftware Architecture - 16th European Conference, ECSA 2022, Proceedings
EditoresIlias Gerostathopoulos, Grace Lewis, Thais Batista, Tomáš Bureš
EditorialSpringer Science and Business Media Deutschland GmbH
Páginas131-139
Número de páginas9
ISBN (versión impresa)9783031166969
DOI
EstadoPublicada - 2022
Publicado de forma externa
Evento16th European Conference on Software Architecture, ECSA 2022 - Prague, República Checa
Duración: 19 sep. 202223 sep. 2022

Serie de la publicación

NombreLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volumen13444 LNCS
ISSN (versión impresa)0302-9743
ISSN (versión digital)1611-3349

Conferencia

Conferencia16th European Conference on Software Architecture, ECSA 2022
País/TerritorioRepública Checa
CiudadPrague
Período19/09/2223/09/22

Áreas temáticas de ASJC Scopus

  • Ciencia computacional teórica
  • Ciencia de la Computación General

Huella

Profundice en los temas de investigación de 'Should Microservice Security Smells Stay or be Refactored? Towards a Trade-off Analysis'. En conjunto forman una huella única.

Citar esto