logo SBA

ETD

Digital archive of theses discussed at the University of Pisa

 

Thesis etd-10302023-110805


Thesis type
Tesi di laurea magistrale
Author
FIORELLA, LAURA
URN
etd-10302023-110805
Thesis title
Trade-off analysis for resolving security smells in microservice-based architectures
Department
INFORMATICA
Course of study
INFORMATICA
Supervisors
relatore Prof. Brogi, Antonio
relatore Prof. Soldani, Jacopo
relatore Prof. Maña Gomez, Antonio
Keywords
  • soft goal
  • security smells
  • refactoring
  • model-based
  • trade-off analysis
  • microservices system
Graduation session start date
01/12/2023
Availability
None
Summary
Nowadays microservices systems are on the rise in enterprise application architecture because they provide a way to organize the system into smaller services working almost independently. But their distributed nature brings also some issues, e.g., those related to the security of the system. Among
the many aspects of this field, the main characters of this work will be the so-called security smells, which represent hints of possible security violations. They could be solved or mitigated with so-called refactorings, which however usually required a considerable effort, or could produce undesirable impacts on other system requirements. The other starts are the so-called soft goal,
sort of system requirements used to evaluate the effects of the presence of a security smell, as well as the ones deriving from the application of refactoring. This Master Thesis presents an approach to support the developers in carrying out a trade-off analysis on generic microservices systems. This type of analysis aims to identify the effects of a certain refactoring, applicable to the system or to individual microservices, to solve or mitigate the problem of security smells. The starting point is an already developed visual formalism called Soft Goal Interdependency Graph (SIG) which allows to represent some of the relations between the Soft Goals of the systems and the agents involved and
provides some formal relationships between them. The main innovation proposed is a general model of security knowledge which contains a formal relation between some of the main refactoring solutions
and the goals of the system they could affect, which is an advance to the state of the art. The approach is model-based, according to a specific UML Profile developed in this thesis, which has been entirely implemented using Visual Paradigm. Most of the process is automated using implemented Groovy
scripts executable directly in the Visual Paradigm environment. To validate the approach, the proposed artifacts, algorithms, and tools have been applied to an “Online Boutique”. Microservices example system defined by Google, to show the effects on a realistic case study and to show the advantages and limitations of the new approach over the actual analysis techniques.
File