An Empirical Study of Security Practices for Microservices Systems

21 Pages. Posted: 24 Jun 2022


Rezaei Nasab Ali

Wuhan University

Shahin Mojtaba

Royal Melbourne Institute of Technology (RMIT University)

Hoseyni Raviz Seyed Ali

Wuhan University

Peng Liang

Wuhan University

Mashmool Amir

Università degli Studi di Genova

Valentina Lenarduzzi

University of Oulu

Abstract

Despite the numerous benefits of microservices systems, security has been a critical issue in such systems. Several factors explain this difficulty, including a knowledge gap among microservices practitioners on properly securing a microservices system. To (partially) bridge this gap, we conducted an empirical study to manually analyze 861 security points collected from 10 GitHub open-source microservices systems and Stack Overflow posts concerning security in microservices systems, leading to a catalog of 28 microservices security practices. We then ran a survey with 63 microservices practitioners to evaluate the usefulness of these 28 practices. Our findings demonstrate that the survey respondents affirmed the usefulness of the 28 practices. We believe that the catalog of microservices security practices can serve as a valuable resource for microservices practitioners to more effectively address security issues in microservices systems. It can also inform the research community of the required or less explored areas to develop microservices-specific security practices and tools.

Keywords: Microservice, Security, Empirical Study, Practitioners, Practice

Suggested Citation

Ali, Rezaei Nasab and Mojtaba, Shahin and Ali, Hoseyni Raviz Seyed and Liang, Peng and Amir, Mashmool and Lenarduzzi, Valentina, An Empirical Study of Security Practices for Microservices Systems. Available at SSRN: https://ssrn.com/abstract=4145415 or http://dx.doi.org/10.2139/ssrn.4145415

Rezaei Nasab Ali

Wuhan University

Wuhan
China

Shahin Mojtaba

Royal Melbourne Institute of Technology (RMIT University)

124 La Trobe Street
Melbourne, 3000
Australia

Hoseyni Raviz Seyed Ali

Wuhan University

Wuhan
China

Peng Liang (Contact Author)

Wuhan University

Wuhan
China

Mashmool Amir

Università degli Studi di Genova

Via Vivaldi 5
Genova, 16126
Italy

Valentina Lenarduzzi

University of Oulu
