{"title":"为微服务构建安全环境","authors":"B. Northern, D. Ulybyshev","doi":"10.1109/SRMC57347.2022.00008","DOIUrl":null,"url":null,"abstract":"Microservice-based architectures are widely used in modern software and the number of cyber attacks on software is increasing. It is essential to make microservices more reliable and resilient against cyber attacks. In this paper, we propose a methodology to detect configurations of computing systems that host microservices and containers, evaluate cyber risks of their essential components in an automatic continuous mode, and reconfigure environments aiming to make them less vulnerable against cyber attacks. Our solution supports multiple operating systems and hardware configurations. For cyber risk evaluation, our approach relies on a public database of Common Vulnerabilities and Exposures for software and hardware, as well as penetration testing and static analysis. Furthermore, the cyber risk evaluation model considers the attributes of microservices, such as their privilege level. We will show least and most vulnerable configurations for computing systems that use popular operating systems and applications.","PeriodicalId":205724,"journal":{"name":"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)","volume":"310 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Building Secure Environments for Microservices\",\"authors\":\"B. Northern, D. Ulybyshev\",\"doi\":\"10.1109/SRMC57347.2022.00008\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Microservice-based architectures are widely used in modern software and the number of cyber attacks on software is increasing. It is essential to make microservices more reliable and resilient against cyber attacks. In this paper, we propose a methodology to detect configurations of computing systems that host microservices and containers, evaluate cyber risks of their essential components in an automatic continuous mode, and reconfigure environments aiming to make them less vulnerable against cyber attacks. Our solution supports multiple operating systems and hardware configurations. For cyber risk evaluation, our approach relies on a public database of Common Vulnerabilities and Exposures for software and hardware, as well as penetration testing and static analysis. Furthermore, the cyber risk evaluation model considers the attributes of microservices, such as their privilege level. We will show least and most vulnerable configurations for computing systems that use popular operating systems and applications.\",\"PeriodicalId\":205724,\"journal\":{\"name\":\"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)\",\"volume\":\"310 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SRMC57347.2022.00008\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRMC57347.2022.00008","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Microservice-based architectures are widely used in modern software and the number of cyber attacks on software is increasing. It is essential to make microservices more reliable and resilient against cyber attacks. In this paper, we propose a methodology to detect configurations of computing systems that host microservices and containers, evaluate cyber risks of their essential components in an automatic continuous mode, and reconfigure environments aiming to make them less vulnerable against cyber attacks. Our solution supports multiple operating systems and hardware configurations. For cyber risk evaluation, our approach relies on a public database of Common Vulnerabilities and Exposures for software and hardware, as well as penetration testing and static analysis. Furthermore, the cyber risk evaluation model considers the attributes of microservices, such as their privilege level. We will show least and most vulnerable configurations for computing systems that use popular operating systems and applications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
