A Survey on Microservices Trust Models for Open Systems

The microservices architecture (MSA) is a form of distributed systems architecture that has been widely adopted in large-scale software systems in recent years. As with other distributed system architectures, one of the challenges that MSA faces is establishing trust between the microservices, particularly in the context of open systems. The boundaries of open systems are unlimited and unknown, which means that they can be applied to any use case. Microservices can leave or join an open system arbitrarily, without restriction as to ownership or origin, and MSA systems can scale extensively. The organisation of microservices (in terms of the roles they play and the communication links they utilise) can also change in response to changes in the environment in which the system is situated. The management of trust within MSAs is of great importance as the concept of trust is critical to microservices communication, and the operation of an open MSA system is highly reliant on communication between these fine-grained microservices. Thus, a trust model should also be able to manage trust in an open environment. Current trust management solutions, however, are often domain-specific and many are not specifically tailored towards the open system model. This motivates research on trust management in the context of open MSA systems. In this paper, we examine existing microservices trust models, identify the limitations of these models in the context of the principles of open microservices systems, propose a set of qualities for open microservices trust models that emerge from these limitations, and assess selected microservices trust models using the proposed qualities.

[1]  Daochao Huang,et al.  A Survey on Zero Trust Architecture: Challenges and Future Trends , 2022, Wireless Communications and Mobile Computing.

[2]  Hui Cheng,et al.  SC-TRUST: A Dynamic Model for Trustworthy Service Composition in the Internet of Things , 2022, IEEE Internet of Things Journal.

[3]  Jing Li,et al.  A survey of application research based on blockchain smart contract , 2022, Wireless Networks.

[4]  Rajkumar Buyya,et al.  Edge In-Network Computing Meets Blockchain: A Multi-Domain Heterogeneous Resource Trust Management Architecture , 2021, IEEE Network.

[5]  Y. Limpiyakorn,et al.  HT-RBAC: A Design of Role-based Access Control Model for Microservice Security Manager , 2021, 2021 International Conference on Big Data Engineering and Education (BDEE).

[6]  S. Rathore,et al.  Open-world Machine Learning: Applications, Challenges, and Opportunities , 2021, ACM Comput. Surv..

[7]  A. Inomata,et al.  Migrating to Zero Trust Architecture: Reviews and Challenges , 2021, Secur. Commun. Networks.

[8]  Elias P. Duarte,et al.  RFT: Scalable and Fault-Tolerant Microservices for the O-RAN Control Plane , 2021, 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[9]  Donna O'Shea,et al.  Performance Analysis of Zero-Trust multi-cloud , 2021, 2021 IEEE 14th International Conference on Cloud Computing (CLOUD).

[10]  Antonio Brogi,et al.  Smells and Refactorings for Microservices Security: A Multivocal Literature Review , 2021, J. Syst. Softw..

[11]  S. Z. Hosseinifard,et al.  Service-Level Agreement with Dynamic Inventory Policy: The Effect of the Performance Review Period and the Incentive Structure , 2021, Decis. Sci..

[12]  Abdelhakim Hannousse,et al.  Securing Microservices and Microservice Architectures: A Systematic Mapping Study , 2020, Comput. Sci. Rev..

[13]  Vlado Stankovski,et al.  Trust management in a blockchain based fog computing platform with trustless smart oracles , 2019, Future Gener. Comput. Syst..

[14]  Symeon Papavassiliou,et al.  Collaborative SLA and reputation-based trust management in cloud federations , 2019, Future Gener. Comput. Syst..

[15]  Nima Jafari Navimipour,et al.  A Comprehensive Study on the Trust Management Techniques in the Internet of Things , 2019, IEEE Internet of Things Journal.

[16]  Kalliopi Kravari,et al.  StoRM: A social agent-based trust model for the internet of things adopting microservice architecture , 2019, Simul. Model. Pract. Theory.

[17]  Alfred Zimmermann,et al.  Microservices Migration in Industry: Intentions, Strategies, and Challenges , 2019, 2019 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[18]  Antonio Brogi,et al.  Design principles, architectural smells and refactorings for microservices: a multivocal review , 2019, SICS Software-Intensive Cyber-Physical Systems.

[19]  Gregory M. P. O'Hare,et al.  MAMS: Multi-Agent MicroServices✱ , 2019, WWW.

[20]  Hyunseok Chang,et al.  eZTrust: Network-Independent Zero-Trust Perimeterization for Microservices , 2019, SOSR.

[21]  Alfred Zimmermann,et al.  Microservices in Industry: Insights into Technologies, Characteristics, and Software Quality , 2019, 2019 IEEE International Conference on Software Architecture Companion (ICSA-C).

[22]  Lilei Lu,et al.  A novel TOPSIS evaluation scheme for cloud service trustworthiness combining objective and subjective aspects , 2018, J. Syst. Softw..

[23]  S. Ravichandra,et al.  Microservices: A perfect SOA based solution for Enterprise Applications compared to Web Services , 2018, 2018 3rd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT).

[24]  Michael J. Donahoo,et al.  Contextual understanding of microservice architecture: current and future directions , 2018, SIAP.

[25]  Jinjun Chen,et al.  Towards a trust evaluation middleware for cloud service selection , 2017, Future Gener. Comput. Syst..

[26]  Olaf Zimmermann,et al.  Microservices tenets , 2017, Computer Science - Research and Development.

[27]  Hyun-Woo Lee,et al.  Toward a Trust Evaluation Mechanism in the Social Internet of Things , 2017, Sensors.

[28]  Patricia Lago,et al.  Research on Architecting Microservices: Trends, Focus, and Potential for Industrial Adoption , 2017, 2017 IEEE International Conference on Software Architecture (ICSA).

[29]  Long Sun,et al.  An open IoT framework based on microservices architecture , 2017, China Communications.

[30]  Nour Ali,et al.  A Systematic Mapping Study in Microservice Architecture , 2016, 2016 IEEE 9th International Conference on Service-Oriented Computing and Applications (SOCA).

[31]  Casimer DeCusatis,et al.  Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication , 2016, 2016 IEEE International Conference on Smart Cloud (SmartCloud).

[32]  Nizar Bouguila,et al.  Trust and Reputation of Web Services Through QoS Correlation Lens , 2016, IEEE Transactions on Services Computing.

[33]  Florence Sèdes,et al.  Trust Management in Social Internet of Things: A Survey , 2016, I3E.

[34]  Alberto Lluch-Lafuente,et al.  Microservices: Yesterday, Today, and Tomorrow , 2016, Present and Ulterior Software Engineering.

[35]  Athanasios V. Vasilakos,et al.  Web services composition: A decade's overview , 2014, Inf. Sci..

[36]  Bharat Bhargava,et al.  End to end security in service oriented architecture , 2014 .

[37]  Frank Leymann,et al.  Cloud Computing Patterns: Fundamentals to Design, Build, and Manage Cloud Applications , 2014 .

[38]  Li Wang,et al.  A Web Service trust evaluation model based on small-world networks , 2014, Knowl. Based Syst..

[39]  Zhaohui Wu,et al.  Trust-Based Personalized Service Recommendation: A Network Perspective , 2014, Journal of Computer Science and Technology.

[40]  Ying Li,et al.  A Trust Evaluation Mechanism for Collaboration of Data-Intensive Services in Cloud , 2013 .

[41]  Bharat K. Bhargava,et al.  An End-to-End Security Auditing Approach for Service Oriented Architectures , 2012, 2012 IEEE 31st Symposium on Reliable Distributed Systems.

[42]  Xinhuai Tang,et al.  A trusted model for service selection in trustworthy service composition , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[43]  Jian Yang,et al.  A Trust and Reputation Model Based on Bayesian Network for Web Services , 2010, 2010 IEEE International Conference on Web Services.

[44]  Athman Bouguettaya,et al.  RATEWeb: Reputation Assessment for Trust Establishment among Web services , 2009, The VLDB Journal.

[45]  Gregory M. P. O'Hare,et al.  An Agent-Based Approach to Component Management , 2009, AAMAS.

[46]  John Domingue,et al.  A Trust Based Methodology for Web Service Selection , 2007, International Conference on Semantic Computing (ICSC 2007).

[47]  Thomas Erl,et al.  SOA Principles of Service Design , 2007 .

[48]  Julita Vassileva,et al.  A Review on Trust and Reputation for Web Service Selection , 2007, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07).

[49]  Antonio F. Gómez-Skarmeta,et al.  A New Model for Trust and Reputation Management with an Ontology Based Approach for Similarity Between Tasks , 2006, MATES.

[50]  Siew Poh Lee,et al.  Web Services Implementation Methodology for SOA Application , 2006, 2006 4th IEEE International Conference on Industrial Informatics.

[51]  Luciano Baresi,et al.  Toward open-world software: Issues and challenges , 2006, Computer.

[52]  Anneli Folkesson,et al.  World Wide Web Consortium (W3C) , 2005 .

[53]  Jordi Sabater-Mir,et al.  REGRET: reputation in gregarious societies , 2001, AGENTS '01.

[54]  Vladimir O. Safonov,et al.  Aspect-Oriented Programming , 1997, ECOOP.

[55]  Alan W. Brown,et al.  Engineering of component-based systems , 1996, Proceedings of ICECCS '96: 2nd IEEE International Conference on Engineering of Complex Computer Systems (held jointly with 6th CSESAW and 4th IEEE RTAW).

[56]  Y. Shoham Agent-Oriented Programming , 1992, Artif. Intell..

[57]  Jason Garbis,et al.  Zero Trust Architectures , 2021 .

[58]  Xing Li,et al.  Automatic Policy Generation for Inter-Service Access Control of Microservices , 2021, USENIX Security Symposium.

[59]  Rui Zhang,et al.  SmartVM: a SLA-aware microservice deployment framework , 2018, World Wide Web.

[60]  Chaitanya K. Rudrabhatla Comparison of Event Choreography and Orchestration Techniques in Microservice Architecture , 2018 .

[61]  Serge Mankovskii,et al.  Service Oriented Architecture , 2009, Encyclopedia of Database Systems.

[62]  Munindar P. Singh,et al.  Service-Oriented Computing: Semantics, Processes, Agents , 2010 .

[63]  Graham Palmer,et al.  De-Perimeterisation: Benefits and limitations , 2005, Inf. Secur. Tech. Rep..

[64]  Evans,et al.  Domain-driven design , 2003 .

[65]  P. Dasgupta Trust as a commodity , 1988 .