Identifying availability tactics to support security architectural design of microservice-based systems

Microservices is an architectural style that treats a system as a modular, customer-centric, independent, and scalable suite of services. To address security requirements in microservices-based systems, architects often must focus on critical quality attributes, such as availability, and employ architectural solutions that embody design decisions addressing key security concerns (also known as architectural tactics). Although current architectural tactics for availability offer an extensive catalog of alternatives to improve availability and security factors, new availability concerns (emerging from the security requirements of microservices) demand new or improved architectural tactics. In this article, we examined the source code and documentation of 17 open source microservices-based systems, identified 5 uses of availability tactics, and characterized them using a newly introduced descriptive template. We found that almost all (4 out of 5) tactics focused on preventing faults rather than detecting, mitigating, or recovering from them (the branches of the traditional tactics taxonomies). This approach can be further used to systematically identify and characterize architectural tactics in existing microservices-based systems for other critical quality attributes concerning security, such as confidentiality and integrity.
