logo SBA


Digital archive of theses discussed at the University of Pisa


Thesis etd-10302023-110805

Thesis type
Tesi di laurea magistrale
Thesis title
Trade-off analysis for resolving security smells in microservice-based architectures
Course of study
relatore Prof. Brogi, Antonio
relatore Prof. Soldani, Jacopo
relatore Prof. Maña Gomez, Antonio
  • soft goal
  • security smells
  • refactoring
  • model-based
  • trade-off analysis
  • microservices system
Graduation session start date
Nowadays microservices systems are on the rise in enterprise application architecture because they provide a way to organize the system into smaller services working almost independently. But their distributed nature brings also some issues, e.g., those related to the security of the system. Among
the many aspects of this field, the main characters of this work will be the so-called security smells, which represent hints of possible security violations. They could be solved or mitigated with so-called refactorings, which however usually required a considerable effort, or could produce undesirable impacts on other system requirements. The other starts are the so-called soft goal,
sort of system requirements used to evaluate the effects of the presence of a security smell, as well as the ones deriving from the application of refactoring. This Master Thesis presents an approach to support the developers in carrying out a trade-off analysis on generic microservices systems. This type of analysis aims to identify the effects of a certain refactoring, applicable to the system or to individual microservices, to solve or mitigate the problem of security smells. The starting point is an already developed visual formalism called Soft Goal Interdependency Graph (SIG) which allows to represent some of the relations between the Soft Goals of the systems and the agents involved and
provides some formal relationships between them. The main innovation proposed is a general model of security knowledge which contains a formal relation between some of the main refactoring solutions
and the goals of the system they could affect, which is an advance to the state of the art. The approach is model-based, according to a specific UML Profile developed in this thesis, which has been entirely implemented using Visual Paradigm. Most of the process is automated using implemented Groovy
scripts executable directly in the Visual Paradigm environment. To validate the approach, the proposed artifacts, algorithms, and tools have been applied to an “Online Boutique”. Microservices example system defined by Google, to show the effects on a realistic case study and to show the advantages and limitations of the new approach over the actual analysis techniques.