An Empirical Study of Security Practices for Microservices Systems

by   Ali Rezaei Nasab, et al.
University of Oulu
Monash University
Wuhan University

Despite the numerous benefits of microservices systems, security has been a critical issue in such systems. Several factors explain this difficulty, including a knowledge gap among microservices practitioners on properly securing a microservices system. To (partially) bridge this gap, we conducted an empirical study to manually analyze 861 security points collected from 10 GitHub open-source microservices systems and Stack Overflow posts concerning security of microservices systems, leading to a catalog of 28 microservices security practices. We then ran a survey with 63 microservices practitioners to evaluate the usefulness of these 28 practices. Our findings demonstrate that the survey respondents affirmed the usefulness of the 28 practices. These 28 security practices are further classified into six categories based on their topics: Authorization and Authentication, Token and Credentials, Internal and External Microservices, Microservices Communications, Private Microservices, and Database and Environments. We believe that the catalog of microservices security practices can serve as a valuable resource for microservices practitioners to more effectively address security issues in microservices systems. It can also inform the research community of the required or less explored areas to develop microservices-specific security practices and tools.


page 7

page 8


No Free Lunch: Microservice Practices Reconsidered in Industry

Microservice architecture advocates a number of technologies and practic...

Automated Identification of Security Discussions in Microservices Systems: Industrial Surveys and Experiments

Lack of awareness and knowledge of microservices-specific security chall...

Deconstructing NLG Evaluation: Evaluation Practices, Assumptions, and Their Implications

There are many ways to express similar things in text, which makes evalu...

Computing and Authentication Practices in Global Oil and Gas Fields

Oil and gas fields are a critical part of our infrastructure, and vulner...

Practices and Challenges of Using GitHub Copilot: An Empirical Study

With the advances in machine learning, there is a growing interest in AI...

Sonification in security operations centres: what do security practitioners think?

In Security Operations Centres (SOCs) security practitioners work using ...

Please sign up or login with your details

Forgot password? Click here to reset