Automated Identification of Security Discussions in Microservices Systems: Industrial Surveys and Experiments

by   Ali Rezaei Nasab, et al.
Monash University
Wuhan University

Lack of awareness and knowledge of microservices-specific security challenges and solutions often leads to ill-informed security decisions in microservices system development. We claim that identifying and leveraging security discussions scattered in existing microservices systems can partially close this gap. We define security discussion as "a paragraph from developer discussions that includes design decisions, challenges, or solutions relating to security". We first surveyed 67 practitioners and found that securing microservices systems is a unique challenge and that having access to security discussions is useful for making security decisions. The survey also confirms the usefulness of potential tools that can automatically identify such security discussions. We developed fifteen machine/deep learning models to automatically identify security discussions. We applied these models on a manually constructed dataset consisting of 4,813 security discussions and 12,464 non-security discussions. We found that all the models can effectively identify security discussions: an average precision of 84.86 F1-score of 77.89 model, performs the best, achieving above 84 outperforms three baselines. Finally, the practitioners' feedback collected from a validation survey reveals that security discussions identified by DeepM1 have promising applications in practice.


page 3

page 10

page 12

page 15

page 17


An Empirical Study of Security Practices for Microservices Systems

Despite the numerous benefits of microservices systems, security has bee...

Sonification in security operations centres: what do security practitioners think?

In Security Operations Centres (SOCs) security practitioners work using ...

Validation of Hardware Security and Trust: A Survey

With ever advancing in digital system, security has been emerged as a ma...

Securing Serverless Computing: Challenges, Solutions, and Opportunities

Serverless computing is a new cloud service model that reduces both clou...

Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices

Cloud-based application deployment is becoming increasingly popular amon...

Mental Models of Adversarial Machine Learning

Although machine learning (ML) is widely used in practice, little is kno...

Please sign up or login with your details

Forgot password? Click here to reset