Microservice security: a systematic literature review

Davide Berardi; Saverio Giallorenzo; Jacopo Mauro; Andrea Melis; Fabrizio Montesi; Marco Prandini

doi:10.7717/PEERJ-CS.779

Microservice security: a systematic literature review

Davide Berardi, Saverio Giallorenzo, Jacopo Mauro, Andrea Melis, Fabrizio Montesi, Marco Prandini^*

^*Corresponding author for this work

Department of Mathematics and Computer Science

Research output: Contribution to journal › Journal article › Research › peer-review

410 Downloads (Pure)

Abstract

Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.

Original language	English
Article number	e779
Journal	PeerJ Computer Science
Volume	8
ISSN	2376-5992
DOIs	https://doi.org/10.7717/PEERJ-CS.779
Publication status	Published - 2022

Bibliographical note

Publisher Copyright:
© 2022 Berardi et al. All Rights Reserved.

Keywords

Authentication
Authentication and authorization
Emerging Technologies
Infrastructure-as-a-service
Intrusion detection and prevention
Privacy
Security and Privacy
Service composition
Service deployment
Service discovery
Software development
Software Engineering
Threat model

Documents & Links

10.7717/PEERJ-CS.779Licence: CC BY

Open Access VersionFinal published version, 8.57 MBLicence: CC BY

Microservice Security: A Systematic Literature Review, dataset
Berardi, D. (Creator), Giallorenzo, S. (Creator), Mauro, J. (Creator), Melis, A. (Creator), Montesi, F. (Creator) & Prandini, M. (Creator), Zenodo, 20. May 2021
DOI: 10.5281/zenodo.5513580
Dataset

Cite this

@article{13b90c2a6e8d434c90bf747e8e4f8b8e,

title = "Microservice security: a systematic literature review",

abstract = "Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.",

keywords = "Authentication, Authentication and authorization, Emerging Technologies, Infrastructure-as-a-service, Intrusion detection and prevention, Privacy, Security and Privacy, Service composition, Service deployment, Service discovery, Software development, Software Engineering, Threat model",

author = "Davide Berardi and Saverio Giallorenzo and Jacopo Mauro and Andrea Melis and Fabrizio Montesi and Marco Prandini",

year = "2022",

doi = "10.7717/PEERJ-CS.779",

language = "English",

volume = "8",

journal = "PeerJ Computer Science",

issn = "2376-5992",

publisher = "PeerJ Inc.",

}

TY - JOUR

T1 - Microservice security

T2 - a systematic literature review

AU - Berardi, Davide

AU - Giallorenzo, Saverio

AU - Mauro, Jacopo

AU - Melis, Andrea

AU - Montesi, Fabrizio

AU - Prandini, Marco

PY - 2022

Y1 - 2022

N2 - Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.

AB - Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.

KW - Authentication

KW - Authentication and authorization

KW - Emerging Technologies

KW - Infrastructure-as-a-service

KW - Intrusion detection and prevention

KW - Privacy

KW - Security and Privacy

KW - Service composition

KW - Service deployment

KW - Service discovery

KW - Software development

KW - Software Engineering

KW - Threat model

U2 - 10.7717/PEERJ-CS.779

DO - 10.7717/PEERJ-CS.779

M3 - Journal article

AN - SCOPUS:85124010553

SN - 2376-5992

VL - 8

JO - PeerJ Computer Science

JF - PeerJ Computer Science

M1 - e779

ER -

Microservice security: a systematic literature review

Abstract

Bibliographical note

Keywords

Documents & Links

Fingerprint

Related datasets

Microservice Security: A Systematic Literature Review, dataset

Cite this