Francisco Leonardo Ponce Mella, J. Soldani, Carla Taramasco, Hernán Astudillo, Antonio Brogi
{"title":"Beyond Security: Understanding the Multiple Impacts of Security Smells for Microservices","authors":"Francisco Leonardo Ponce Mella, J. Soldani, Carla Taramasco, Hernán Astudillo, Antonio Brogi","doi":"10.19153/cleiej.27.2.6","DOIUrl":null,"url":null,"abstract":"Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells –and of the refactorings known to mitigate their effects– beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).","PeriodicalId":30032,"journal":{"name":"CLEI Electronic Journal","volume":"87 14","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"CLEI Electronic Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.19153/cleiej.27.2.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Mathematics","Score":null,"Total":0}
引用次数: 0
Abstract
Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice security smells –and of the refactorings known to mitigate their effects– beyond security. In particular, we systematically elicit possible impacts of smells and refactorings on applications’ maintainability, performance efficiency, and adherence to microservices’ key design principles. We then validate the elicited impacts through an online survey targeting experienced practitioners and researchers. Our main contributions include 35 validated impacts and a discussion of the survey results geared towards analyzing the (mis)alignment between practitioners and researchers. Finally, we also provide a holistic view of these impacts, through Softgoal Interdependency Graphs (SIGs).
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
