2021
On automated RBAC assessment by constructing a centralized perspective for microservice mesh
DAS, Dipta; Andrew WALKER; Vincent BUSHONG; Jan SVACINA; Tomas CERNY et al.
Basic information
Original title
On automated RBAC assessment by constructing a centralized perspective for microservice mesh
Authors
DAS, Dipta; Andrew WALKER; Vincent BUSHONG; Jan SVACINA; Tomas CERNY and Václav MATYÁŠ
Published in
PeerJ Computer Science, 2021, 2376-5992
Other information
Language
English
Type of result
Article in a scholarly journal
Field
10200 1.2 Computer and information sciences
Country of publisher
United States
Confidentiality
not subject to state or trade secrecy
Links
Impact factor
Impact factor: 2.411
Marked for transfer to RIV
Yes
RIV code
RIV/00216224:14330/21:00121079
Organizational unit
Faculty of Informatics
UT WoS
EID Scopus
Keywords in English
Microservices; REST; RBAC; Access control; Authorization; Security; Static code analysis; Systematic architecture reconstruction
Flags
International significance, Peer-reviewed
Changed: 30. 3. 2021 10:43, prof. RNDr. Václav Matyáš, M.Sc., Ph.D.
Abstract
In the original
It is important in software development to enforce proper restrictions on protected services and resources. Typically, software services are accessed through REST API endpoints, where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers rely on penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack the unified view needed to carry out automated RBAC assessment. Often, a centralized perspective of an application is constructed using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR that constructs a centralized perspective of a microservice mesh based on the services' REST communication pattern. We use the views generated by SAR to propose an automated way to find RBAC inconsistencies.