Attack graph generation for microservice architecture

Amjad Ibrahim, Stevica Bozhinoski, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

26 Scopus citations

Abstract

Microservices, which are typically technologically heterogeneous and can be deployed automatically, are increasingly dominating service systems. However, with increased utilization of third-party components distributed as images, the potential vulnerabilities in microservice-based systems increase. Based on component dependency, such vulnerabilities can lead to exposing a system's critical assets. Similar problems have been addressed by the computer networks community. In this paper, we propose utilizing attack graphs in the continuous delivery infrastructure of microservices-based systems. To that end, we relate microservices to network nodes and automatically generate attack graphs that help practitioners identify, analyze, and prevent plausible attack paths in their microservice-based container networks. We present a complete solution that can be easily embedded in continuous delivery systems and demonstrate its efficiency and scalability based on real-world use cases.

Original language: English
Title of host publication: Proceedings of the ACM Symposium on Applied Computing
Publisher: Association for Computing Machinery
Pages: 1235-1242
Number of pages: 8
ISBN (Print): 9781450359337
State: Published - 2019
Event: 34th Annual ACM Symposium on Applied Computing, SAC 2019 - Limassol, Cyprus
Duration: 8 Apr 2019 to 12 Apr 2019

Publication series

Name: Proceedings of the ACM Symposium on Applied Computing
Volume: Part F147772

Conference

Conference: 34th Annual ACM Symposium on Applied Computing, SAC 2019
Country/Territory: Cyprus
City: Limassol
Period: 8/04/19 to 12/04/19

Keywords

  • Attack Graph Generation
  • Containers
  • Microservices
