Security for Microservices Group
Mission
Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. In fact all the big advantages that microservices introduces come at a cost: distributed systems are hard to manage, and increasing the number of services of an application gives malicious actors a larger attack surface. Several security concerns that are particularly relevant for microservices have been identified, and early research has already shown that the application of standard patterns for system reliability needs to take new parameters into consideration—like the locations at which the patterns are deployed. The importance of security in microservices creates the need for understanding and analysing the state of the art for securing this kind of architectures. It is particularly important to understand which problems are especially relevant for microservice systems, and how existing techniques can contribute to addressing them. The goal of the proposed group it will be to stimulate discussion about current security trends in microservice architectures, such as:
- Design
- Formal methods for secure distributed systems design Development
- Development
- Best practices
- Security-oriented languages and development processes
- Toolchain security, automated compliance check
- Deployment
- Compliance checking before admission / static analysis
- Integrated IDS/IPS features in gateways
- Runtime
- Data provenance tracking, authentication and monitoring frameworks
Of course the group will be act also as a latest news feeder for what concerns the last vulnerabilities or attacks that may be linked to some of the most used technologies into the microservice world. The dissemination plan for this group will be done mainly through the social platform already active such as the Discord (or Slack) Channels, with the goal to create a workshop that aim to collect all the work-in-progress activities about this topic.
Contacts
You can contact the Security for Microservices Group at the address security@microservices.community.Members
| Member | Organisation | Position |
|---|---|---|
| Andrea Melis | University of Bologna, IT | Group Coordinator |
| Alessandro Molari | CyberLoop Consulting, IT | Group Coordinator |