A Comprehensive Analysis of Authentication Solutions for Microservices: A Systematic Review
Abstract
System migration currently focuses on modernizing legacy, monolithic systems into microservice architectures. A microservice architecture can bring benefits, but it also brings challenges, chiefly regarding the security of user authentication. To address these challenges, solutions such as API gateways and proxies are used to control user access to a set of applications running as microservices. In this work we seek studies that address solutions, tools and technologies for the authentication of systems in microservice architectures. We identified the 5 authentication tools most frequently mentioned by the selected studies.