Correcting a system after it has been deployed is always more expensive than correcting it earlier in its lifecycle. When it comes to security weaknesses, this cost becomes even greater because the weakness can be exploited by an attacker to cause major damages, and fixes are disruptive. This work addresses the problem of security weaknesses in microservices architectures. We propose an approach for building a predictor of security weaknesses in this type of architecture. To achieve this, we used a comprehensive curated dataset of microservice architectures with annotated security weaknesses, and developed a machine learning model for early prediction of architectural security issues using design-level metrics. The work is grounded in the hypothesis that architectural structure patterns can serve as reliable predictors of security compliance in microservice systems, enabling early detection of security weaknesses before implementation. Our predictive model leverages architectural metrics to assess compliance with key security concerns defined by well-known rules for secure microservice design. The analysis reveals specific architectural patterns as consistent indicators of security risks, providing interpretable insights that can guide architects in making informed design decisions.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Predicting Security Weaknesses in Microservice Architectures Using Structural Metrics

  • Soundos Benni,
  • Meriem Hathat,
  • Jeisson Vergara-Vargas,
  • Soumia Zellagui,
  • Chouki Tibermacine,
  • Salah Sadou

摘要

Correcting a system after it has been deployed is always more expensive than correcting it earlier in its lifecycle. When it comes to security weaknesses, this cost becomes even greater because the weakness can be exploited by an attacker to cause major damages, and fixes are disruptive. This work addresses the problem of security weaknesses in microservices architectures. We propose an approach for building a predictor of security weaknesses in this type of architecture. To achieve this, we used a comprehensive curated dataset of microservice architectures with annotated security weaknesses, and developed a machine learning model for early prediction of architectural security issues using design-level metrics. The work is grounded in the hypothesis that architectural structure patterns can serve as reliable predictors of security compliance in microservice systems, enabling early detection of security weaknesses before implementation. Our predictive model leverages architectural metrics to assess compliance with key security concerns defined by well-known rules for secure microservice design. The analysis reveals specific architectural patterns as consistent indicators of security risks, providing interpretable insights that can guide architects in making informed design decisions.