Triaging Microservice Security Smells, with TriSS

Francisco Ponce, Jacopo Soldani, Carla Taramasco, Hernan Astudillo, Antonio Brogi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Securing microservice applications is crucial. Security smells denote symptoms of bad (often unintentional) design decisions that may result in violating security properties and that can be resolved via refactoring. Stakeholders take into account the services' business value, problem criticality, and available resources to decide which smells to resolve or leave alone, but making such decisions is inherently complex for microservice applications with many services, possibly affected by multiple security smell instances. Borrowing from hospital emergency room triage practices, which assign an urgency code to incoming patients, this paper introduces the notion of urgency for microservice security smell instances and proposes the TriSS method to triage them. TriSS assigns each security smell instance an urgency code obtained by combining the service's business relevance with the smell's impact on security and on other quality attributes, e.g., performance and maintainability. The practical applicability of TriSS is illustrated with a use case based on a third-party microservice application, and its usefulness is evaluated with a controlled experiment involving 26 practitioners. The experiment's results suggest that TriSS eases the triage process and yields urgency codes in which practitioners are more confident.

Original language: English
Title of host publication: Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024
Publisher: Association for Computing Machinery
Pages: 698-706
Number of pages: 9
ISBN (electronic): 9798400717017
DOI
State: Published - 18 Jun 2024
Event: 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 - Salerno, Italy
Duration: 18 Jun 2024 - 21 Jun 2024

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024
Country/Territory: Italy
City: Salerno
Period: 18/06/24 - 21/06/24

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software
