SST: A Tool to Support the Triage of Security Smells in Microservice Applications

Fontana, Francesca Arcelli
2024

Abstract

Microservice security smells denote possible symptoms of bad design decisions that may compromise the security of an application. Therefore, security smells should be carefully checked and possibly resolved by applying some refactorings. In this paper, we introduce SST (Security Smell Triager), an open-source tool that automates the triage of the possibly multiple instances of security smells affecting an existing microservice application, to support determining which instance is “more urgent” than others and should be considered first. SST also supports reasoning on whether/how to resolve a security smell instance through refactoring, by displaying the impact on quality attributes (like maintainability and performance efficiency) of both security smell instances and their refactoring. We also assess the usefulness of SST through a controlled experiment.
Journal article - Scientific article
Keywords: Microservices; Refactoring; Security smell instances; Triage
Language: English
Publication date: 4 Nov 2024
Year: 2024
Volume: 5
Issue: 8
Article number: 1014
Rights: reserved
Ponce, F., Malnati, A., Negro, R., Fontana, F., Astudillo, H., Brogi, A., et al. (2024). SST: A Tool to Support the Triage of Security Smells in Microservice Applications. SN COMPUTER SCIENCE, 5(8) [10.1007/s42979-024-03372-5].
Files in this item:
  • File: Ponce-2024-SN Comput Sci-VoR.pdf (archive managers only)
  • Attachment type: Publisher’s Version (Version of Record, VoR)
  • License: All rights reserved
  • Size: 1.86 MB
  • Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/10281/533323
Citations
  • Scopus: 0