TY - JOUR
T1 - Smells and refactorings for microservices security
T2 - A multivocal literature review
AU - Ponce, Francisco
AU - Soldani, Jacopo
AU - Astudillo, Hernán
AU - Brogi, Antonio
N1 - Publisher Copyright: © 2022 Elsevier Inc.
PY - 2022/10
Y1 - 2022/10
N2 - Context: Securing microservices is crucial, as many IT companies are delivering their businesses through microservices. If security “smells” affect microservice-based applications, they can possibly suffer from security leaks and need to be refactored to mitigate the effects of security smells therein. Objective: As the available knowledge on securing microservices is scattered across different pieces of white and grey literature, our objective here is to distill well-known smells for securing microservices, together with the refactorings enabling to mitigate their effects. Method: To capture the state of the art and practice in securing microservices, we conducted a multivocal review of the existing white and grey literature on the topic. We systematically analysed 58 primary studies, selected among those published from 2011 until the end of 2020. Results: Ten bad smells for securing microservices are identified, which we organized in a taxonomy, associating each smell with the security properties it may violate and the refactorings enabling to mitigate its effects. Conclusions: The security smells and the corresponding refactorings have pragmatic value for practitioners, who can exploit them in their daily work on securing microservices. They also serve as a starting point for researchers wishing to establish new research directions on securing microservices.
AB - Context: Securing microservices is crucial, as many IT companies are delivering their businesses through microservices. If security “smells” affect microservice-based applications, they can possibly suffer from security leaks and need to be refactored to mitigate the effects of security smells therein. Objective: As the available knowledge on securing microservices is scattered across different pieces of white and grey literature, our objective here is to distill well-known smells for securing microservices, together with the refactorings enabling to mitigate their effects. Method: To capture the state of the art and practice in securing microservices, we conducted a multivocal review of the existing white and grey literature on the topic. We systematically analysed 58 primary studies, selected among those published from 2011 until the end of 2020. Results: Ten bad smells for securing microservices are identified, which we organized in a taxonomy, associating each smell with the security properties it may violate and the refactorings enabling to mitigate its effects. Conclusions: The security smells and the corresponding refactorings have pragmatic value for practitioners, who can exploit them in their daily work on securing microservices. They also serve as a starting point for researchers wishing to establish new research directions on securing microservices.
UR - http://www.scopus.com/inward/record.url?scp=85132709336&partnerID=8YFLogxK
U2 - 10.1016/j.jss.2022.111393
DO - 10.1016/j.jss.2022.111393
M3 - Article
AN - SCOPUS:85132709336
SN - 0164-1212
VL - 192
JO - Journal of Systems and Software
JF - Journal of Systems and Software
M1 - 111393
ER -