
On automated RBAC assessment by constructing a centralized perspective for microservice mesh


Bibliographic Details
Main Authors: Das, Dipta, Walker, Andrew, Bushong, Vincent, Svacina, Jan, Cerny, Tomas, Matyas, Vashek
Format: Online Article Text
Language: English
Published: PeerJ Inc. 2021
Subjects: Security and Privacy
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7924674/
https://www.ncbi.nlm.nih.gov/pubmed/33817024
http://dx.doi.org/10.7717/peerj-cs.376
author Das, Dipta
Walker, Andrew
Bushong, Vincent
Svacina, Jan
Cerny, Tomas
Matyas, Vashek
collection PubMed
description It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.
format Online Article Text
id pubmed-7924674
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher PeerJ Inc.
record_format MEDLINE/PubMed
spelling pubmed-7924674 2021-04-02 On automated RBAC assessment by constructing a centralized perspective for microservice mesh. PeerJ Comput Sci, Security and Privacy. Published by PeerJ Inc. 2021-02-01. /pmc/articles/PMC7924674/ /pubmed/33817024 http://dx.doi.org/10.7717/peerj-cs.376 Text en © 2021 Das et al. https://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited.
title On automated RBAC assessment by constructing a centralized perspective for microservice mesh
topic Security and Privacy