Show Levels: Sets how many heading levels will be used in the TOC.2 Faculty of Informatics, Masaryk University, Brno, Czech Republic DOI 10.7717/peerj-cs.376 Published Accepted Received Academic Editor Mario Luca Bernardi Subject Areas Security and Privacy, Software Engineering Keywords Microservices, REST, RBAC, Access control, Authorization, Security, Static code analysis, Systematic architecture reconstruction Copyright © 2021 Das et al. Here you can choose from additional formatting options: Formats: Shows built-in and your own custom TOC format styles. In Word, choose InsertIndex and Tables, and then select the Table of Contents tab in the Index and Tables dialog that appears.
Constructing An Index For A Book, In Word 2011 Mac 2011 DocumentsInsert a table of contents into your Word for Mac 2011 documents get just a few clicks.Explore our books. PeerJ Computer Science 7: e376 A table of content is a list of all the parts present in a book. On automated RBAC assessment by constructing a centralized perspective for microservice mesh. Cite this article Das D, Walker A, Bushong V, Svacina J, Cerny T, Matyas V. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited.Explore our free collection of COVID-19 related research articles published in our leading medical journals.It is important in software development to enforce proper restrictions on protected services and resources. What key points should you include in a cover letter for your paper & what should you avoid COVID-19. Guide: Writing a cover letter.Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. However, RBAC policies can be inconsistent across services, and they require proper assessment. ![]() However, the security aspects gradually become more complex as the number of microservices grows. Developing a secured REST-based infrastructure is relatively easy for a smaller number of microservices. In contrast, not much has been studied for service-to-service communication patterns.Currently, the most popular way to establish communication between services is to use Representational State Transfer (REST) ( Vural, Koyuncu & Guney, 2017 Salah et al., 2016). This is done through a process of Systematic Architecture Reconstruction (SAR) in which overall views are constructed from existing application artifacts. Even system architects may not understand the complete picture of the application since many of those microservices may not be in the initial blueprint of the application but rather were added later.Thus, we need to establish an automatic way to generate the overall communication pattern for the whole application before diving into the security aspects. This is because individual developers only have an idea of a subset of microservices they maintain but lack an understanding of the overall picture. Enforcing a robust security solution for such applications is tedious for developers and might lead to security disagreement among microservices. Call of duty torrent macRBAC is one of the popular methods of securing REST services where each user of the application is assigned to a set of roles that grant access to different parts of the system. Our work focuses on intra-and inter-microservice inconsistencies highlighting all possible RBAC issues.An application’s core security requirement is to ensure that it can only be used by legitimate users ( Mohanty, Mohanty & Balakrishnan, 2016). This application was developed separately but re-purposed here as a testbed for performing static code analysis. We present a case study on a single enterprise application called Teacher Management System (TMS) consisting of four individual microservices. More specifically, we focused on finding Role-Based Access Control (RBAC) inconsistencies among microservices using static code analysis. By automating the first three phases of SAR and utilizing the constructed views, we can focus on the analysis phase and present an approach to enumerate possible security loopholes in the application. According to a survey conducted in 2014 by the International Data Group ( Mohanty, Mohanty & Balakrishnan, 2016), about 63% of applications have not been tested for security vulnerabilities. Finding inconsistencies among RBAC rules in a large system is a cumbersome and difficult task due to different levels of abstractions, poor coding practices, and coupling with third-party services. First, centralized among all the microservices and, second, per microservice-based.Thus, next in this article, we focus on the centralized approach. For example, the 2014 eBay hack, which was caused by improper access control restrictions, impacted over 145 million users ( Swinhoe, 2020). Security breaches can cost companies billions and require significant time and effort to resolve. Ignoring such security vulnerabilities is expensive. Also, it is difficult to emulate all possible scenarios for penetration testing. However, such an approach needs the application to be fully deployed, and running penetration tests against a production deployment could lead to disruption for end users. The most accurate outcome from such a test can be obtained via rigorous penetration testing. “Proposed Method” describes our proposed method in detail, and section four explores a case study. Section two discusses the related work and state of the art. It is for these reasons we use static code analysis for our automated SAR process.The article is organized as follows. Although static code analysis is no panacea, when carefully implemented, it can detect many vulnerabilities. End-users or other microservices can access these features through an application programming interface (API). Role-based access controlIn microservice-based applications, each microservice implements a subset of features. Next, we assess existing approaches for the SAR. First, we assess the limitations of RBAC analysis in the context of enterprise systems. Related workIn this section, we present related work from the two different perspectives considered in this article. Throughout the article, the terms “inconsistency”, “violation” and “issue” are used interchangeably to indicate a potential flaw. According to Stormpath, over 70% of public APIs are designed using REST ( Hunsaker, 2015). However, it has been dominated by REST in recent years. For many years, SOAP was a standard approach for web service interfaces. While REST is an architecture for API development that works over standard HTTP protocol, SOAP is just a protocol. ![]()
0 Comments
Leave a Reply. |
AuthorLisa ArchivesCategories |