International Journal of Innovative Research in Engineering and Management
Year: 2025, Volume: 13, Issue: 1
First page: 58, Last page: 61
Online ISSN: 2350-0557
DOI: 10.55524/ijircst.2025.13.1.8
DOI URL: https://doi.org/10.55524/ijircst.2025.13.1.8
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (CC BY 4.0) (http://creativecommons.org/licenses/by/4.0)
Ojas Kumar, Ashima Narang
Microservices architecture, characterized by distributed and loosely coupled services, has become popular in recent times for software development. It offers flexibility, scalability, and fault tolerance, but it is accompanied by a different set of security challenges. The introduction of microservices architecture shifted both the application development pattern and the deployment pattern, because monolithic systems were broken down into smaller, independent, and scalable services; its distributed nature, however, generated certain specific security issues. This research paper explores security vulnerabilities related to microservices, analyzes the specific problems they raise, and seeks to identify methods and best practices for reducing these threats. Subjects discussed include authentication and authorization, secure communication, data protection, service segregation, monitoring, and incident response. The paper discusses the critical security threats that arise with microservices applications, including increased attack surface, API security, data protection, and IAM. We discuss the root cause of these weaknesses and then present a feasible approach to combating them. We then discuss security as code, DevSecOps practices, and new technologies such as blockchain and zero-trust architecture for protecting microservices environments. By identifying these challenges and applying suitable security strategies, organizations can enjoy the benefits of microservices and still keep their applications safe from any kind of threat.
MCA Scholar, Department of Computer Application, Amity University, Gurugram, Haryana, India