TY - GEN
T1 - Attack graph generation for microservice architecture
AU - Ibrahim, Amjad
AU - Bozhinoski, Stevica
AU - Pretschner, Alexander
N1 - Publisher Copyright: © 2019 Association for Computing Machinery.
PY - 2019
Y1 - 2019
N2 - Microservices, which are typically technologically heterogenous and can be deployed automatically, are increasingly dominating service systems. However, with increased utilization of third-party components distributed as images, the potential vulnerabilities in microservice-based systems increase. Based on component dependency, such vulnerabilities can lead to exposing a system's critical assets. Similar problems have been addressed by the computer networks community. In this paper, we propose utilizing attack graphs in the continuous delivery infrastructure of microservices-based systems. To that end, we relate microservices to network nodes and automatically generate attack graphs that help practitioners identify, analyze, and prevent plausible attack paths in their microservice-based container networks. We present a complete solution that can be easily embedded in continuous delivery systems and demonstrate its efficiency and scalability based on real-world use cases.
KW - Attack Graph Generation
KW - Containers
KW - Microservices
UR - http://www.scopus.com/inward/record.url?scp=85065651585&partnerID=8YFLogxK
U2 - 10.1145/3297280.3297401
DO - 10.1145/3297280.3297401
M3 - Conference contribution
AN - SCOPUS:85065651585
SN - 9781450359337
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1235
EP - 1242
BT - Proceedings of the ACM Symposium on Applied Computing
PB - Association for Computing Machinery
T2 - 34th Annual ACM Symposium on Applied Computing, SAC 2019
Y2 - 8 April 2019 through 12 April 2019
ER -