Abstract | ||
---|---|---|
Microservices, which are typically technologically heterogenous and can be deployed automatically, are increasingly dominating service systems. However, with increased utilization of third-party components distributed as images, the potential vulnerabilities in microservice-based systems increase. Based on component dependency, such vulnerabilities can lead to exposing a system's critical assets. Similar problems have been addressed by the computer networks community. In this paper, we propose utilizing attack graphs in the continuous delivery infrastructure of microservices-based systems. To that end, we relate microservices to network nodes and automatically generate attack graphs that help practitioners identify, analyze, and prevent plausible attack paths in their microservice-based container networks. We present a complete solution that can be easily embedded in continuous delivery systems and demonstrate its efficiency and scalability based on real-world use cases.
|
Year | DOI | Venue |
---|---|---|
2019 | 10.1145/3297280.3297401 | SAC |
Keywords | Field | DocType |
attack graph generation, containers, microservices | Continuous delivery,Architecture,Use case,Computer science,Node (networking),Microservices,Attack graph,Scalability,Distributed computing | Conference |
ISBN | Citations | PageRank |
978-1-4503-5933-7 | 2 | 0.36 |
References | Authors | |
0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Amjad Ibrahim | 1 | 7 | 1.64 |
Stevica Bozhinoski | 2 | 2 | 0.36 |
Alexander Pretschner | 3 | 26 | 9.69 |