It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.
On Automatic Software Architecture Reconstruction of Microservice Applications
The adoption of Microservice Architecture (MSA) is rapidly becoming standard for modern software development. However, the added benefits of using a distributed architecture, including reliability and scalability, come with a cost in increasing the system’s complexity. One way developers attempt to mitigate the effects of an overly complicated system is through Systematic Architecture Reconstruction (SAR), which creates a high-level overview of the system concerns. This is typically done manually, which takes a great amount of effort from the developers. This paper proposes a method for automatically completing SAR of an MSA application through code analysis and demonstrating it on a case study on an existing microservice benchmark application.
- Award ID(s): 1854049
- PAR ID: 10310337
- Date Published:
- Journal Name: Information Science and Applications. Lecture Notes in Electrical Engineering
- Volume: 739
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Microservice Architecture (MSA) is becoming the predominant direction of new cloud-based applications. There are many advantages to using microservices, but also downsides to using a more complex architecture than a typical monolithic enterprise application. Beyond the normal poor coding practices and code smells of a typical application, microservice-specific code smells are difficult to discover within a distributed application setup. There are many static code analysis tools for monolithic applications, but tools to offer code-smell detection for microservice-based applications are lacking. This paper proposes a new approach to detect code smells in distributed applications based on microservices. We develop an MSANose tool to detect up to eleven different microservice specific code smells and share it as open-source. We demonstrate our tool through a case study on two robust benchmark microservice applications and verify its accuracy. Our results show that it is possible to detect code smells within microservice applications using bytecode and/or source code analysis throughout the development process or even before its deployment to production.
- Microservice Architecture (MSA) is rapidly taking over modern software engineering and becoming the predominant architecture of new cloud-based applications (apps). There are many advantages to using MSA, but there are many downsides to using a more complex architecture than a typical monolithic enterprise app. Beyond the normal bad coding practices and code-smells of a typical app, MSA specific code-smells are difficult to discover within a distributed app. There are many static code analysis tools for monolithic apps, but no tool exists to offer code-smell detection for MSA-based apps. This paper proposes a new approach to detect code smells in distributed apps based on MSA. We develop an open-source tool, MSANose, which can accurately detect up to eleven different types of MSA specific code smells. We demonstrate our tool through a case study on a benchmark MSA app and verify its accuracy. Our results show that it is possible to detect code-smells within MSA apps using bytecode and/or source code analysis throughout the development or before deployment to production.
- Modern mobile devices feature ever increasing computational, sensory, and network resources, which can be shared to execute tasks on behalf of nearby devices. Mobile device clouds (MDCs) facilitate such distributed execution by exposing the collective resources of a set of nearby mobile devices through a unified programming interface. However, the true potential of MDCs remains untapped, as they fail to provide practical programming support for developers to execute distributed functionalities. To address this problem, we introduce a microservice-based Programmable MDC architecture (PMDC), highly customized for the unique features of MDC environments. PMDC conveniently provisions functionalities as microservices, which are deployed on MDC devices on demand. PMDC features a novel domain specific language that provides abstractions for concisely expressing fine-grained control over the procedures of device capability sharing and microservice execution. Furthermore, PMDC introduces a new system component, the microservice gateway, which reconciles the supply of available device capabilities and the demand for microservice execution to distribute microservices within an MDC. Our evaluation shows that MDCs, expressed by developers through the PMDC declarative programming interface, exhibit low energy consumption and high performance.
- Microservice architecture design requires the architect to meet the needs of multiple stakeholders and to address their needs for maintainability, scalability, and availability. In the microservice architecture context, a comprehensive performance and scalability assessment is a dynamic activity, which is focused on the detection of service level metric deviations from objectives using a defined operational profile. Root cause analysis is focused on the identification of the activated microservice components given the defined load profile. Therefore, performance issues are identified by detecting dynamic deviations from the expected behaviors of the service level metric. In contrast, microservice architecture assessment focus is on identifying implicit relations among microservice components. Architecture anti-patterns are identified by detecting deviations from the defined formal design patterns. As the ultimate objective of microservice architecture design is to build high-quality applications it would be expected that architecture refactoring based on the removal of architecture anti-patterns will result in meeting stakeholder needs of better scalability and availability. In this paper we present an empirical assessment of architecture anti-pattern detection in combination with the identification of performance issues using two state of the art tools: DV8 for architecture and PPTAM for performance. We make use of Train Ticket, i.e., a benchmark microservice system, and we observed the co-occurrence of architectural (Clique) and performance (Blob) anti-patterns, noting that high coupling shows much worse performance scores. We have found strong correlation between the normalized distance performance metric and architecture coupling values using several similarity metrics. Our empirical results show that operational profile based performance testing and analysis can be used to help prioritize architecture refactoring.

