超越安全：了解微服务安全嗅觉的多重影响

Q4 Mathematics

CLEI Electronic Journal Pub Date : 2024-07-21 DOI:10.19153/cleiej.27.2.6

Francisco Leonardo Ponce Mella, J. Soldani, Carla Taramasco, Hernán Astudillo, Antonio Brogi

{"title":"超越安全：了解微服务安全嗅觉的多重影响","authors":"Francisco Leonardo Ponce Mella, J. Soldani, Carla Taramasco, Hernán Astudillo, Antonio Brogi","doi":"10.19153/cleiej.27.2.6","DOIUrl":null,"url":null,"abstract":"Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells –and of the refactorings known to mitigate their effects– beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).","PeriodicalId":30032,"journal":{"name":"CLEI Electronic Journal","volume":"87 14","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Beyond Security: Understanding the Multiple Impacts of Security Smells for Microservices\",\"authors\":\"Francisco Leonardo Ponce Mella, J. Soldani, Carla Taramasco, Hernán Astudillo, Antonio Brogi\",\"doi\":\"10.19153/cleiej.27.2.6\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells –and of the refactorings known to mitigate their effects– beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).\",\"PeriodicalId\":30032,\"journal\":{\"name\":\"CLEI Electronic Journal\",\"volume\":\"87 14\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"CLEI Electronic Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.19153/cleiej.27.2.6\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Mathematics\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"CLEI Electronic Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.19153/cleiej.27.2.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Mathematics","Score":null,"Total":0}

引用次数: 0

摘要

微服务在企业 IT 领域的发展势头迅猛，因为它们能够构建云原生应用程序。与此同时，微服务也带来了新的安全挑战，包括安全隐患，即可能影响应用程序安全的不良（尽管通常是无意的）设计决策的症状。本研究旨在探索微服务安全气味的影响--以及已知可减轻其影响的重构--的安全性之外的影响。特别是，我们将系统地引出安全漏洞和重构对应用程序可维护性、性能效率以及遵守微服务关键设计原则的可能影响。然后，我们通过一项针对经验丰富的从业人员和研究人员的在线调查来验证所得出的影响。我们的主要贡献包括 35 项经过验证的影响，以及对调查结果的讨论，旨在分析从业人员和研究人员之间的（误）协调。最后，我们还通过软目标相互依存图（Softgoal Interdependency Graphs，SIGs）提供了这些影响的整体视图。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Beyond Security: Understanding the Multiple Impacts of Security Smells for Microservices

Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells –and of the refactorings known to mitigate their effects– beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

CLEI Electronic Journal Computer Science-Computer Science (miscellaneous)

CiteScore

0.70

自引率

0.00%

发文量

审稿时长

40 weeks