Impacts of Service Decomposition Models on Security Attributes: A Case Study with 5G Network Repository Function

Microservices-based architectures gain more and more attention in industry and academia due to their tremendous advantages such as providing resiliency, scalability, composability, etc. To benefit from these advantages, a proper architectural design is very important. The decomposition model of services into microservices and the granularity of these microservices affect the different aspects of the system such as flexibility, maintainability, performance, and security. An inappropriate service decomposition into microservices (improper granularity) may increase the attack surface of the system and lower its security level. In this paper, first, we study the probability of compromising services before and after decomposition. Then we formulate the impacts of possible service decomposition models on confidentiality, integrity, and availability attributes of the system. To do so, we provide equations for measuring confidentiality, integrity, and availability risks of the decomposed services in the system. It is also shown that the number of entry points to the decomposed services and the size of the microservices affect the security attributes of the system. As a use case, we propose three different service decomposition models for the 5G NRF (Network Repository Function) and calculate the impacts of these decomposition models on the confidentiality, integrity, and availability of the system using the provided equations.