2022 Jan 5:8:e779.
doi: 10.7717/peerj-cs.779. eCollection 2022.

Microservice security: a systematic literature review


Davide Berardi et al. PeerJ Comput Sci.

Abstract

Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work has investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications (at the time of writing, the largest curated dataset on the topic). We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.

Keywords: Authentication; Authentication and authorization; Infrastructure-as-a-service; Intrusion detection and prevention; Privacy; Service composition; Service deployment; Service discovery; Software development; Threat model.

Conflict of interest statement

The authors declare that they have no competing interests.

Figures

Figure 1. Schema of the method followed to gather the dataset for this review.
Figure 2. Time and category distribution of publications.
Figure 3. Conferences with the largest number of publications in our dataset.
Figure 4. Journals with the largest number of publications in our dataset.
Figure 5. Word-Net of the abstracts in our dataset.
Figure 6. Type of publications.
Figure 7. Attack type identified following the STRIDE classification.
Figure 8. Blockchain trend.
