On automated RBAC assessment by constructing a centralized perspective for microservice mesh
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F21%3A00121079" target="_blank" >RIV/00216224:14330/21:00121079 - isvavai.cz</a>
Result on the web
<a href="https://peerj.com/articles/cs-376/" target="_blank" >https://peerj.com/articles/cs-376/</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.7717/peerj-cs.376" target="_blank" >10.7717/peerj-cs.376</a>
Alternative languages
Result language
angličtina
Original language name
On automated RBAC assessment by constructing a centralized perspective for microservice mesh
Original language description
It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
—
Continuities
S - Specificky vyzkum na vysokych skolach
Others
Publication year
2021
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
PeerJ Computer Science
ISSN
2376-5992
e-ISSN
—
Volume of the periodical
7
Issue of the periodical within the volume
e376
Country of publishing house
US - UNITED STATES
Number of pages
24
Pages from-to
1-24
UT code for WoS article
000616121200001
EID of the result in the Scopus database
2-s2.0-85101294481