TY - GEN
T1 - Fine-Grained Access Control for Microservices
AU - Nehme, Antonio
AU - Jesus, Vitor
AU - Mahbub, Khaled
AU - Abdallah, Ali
PY - 2019/4/14
Y1 - 2019/4/14
N2 - Microservices-based applications are considered to be a promising paradigm for building large-scale digital systems due to their flexibility, scalability, and agility of development. To achieve the adoption of digital services, applications holding personal data must be secure while giving end-users as much control as possible. On the other hand, for software developers, the adoption of a security solution for microservices requires it to be easily adaptable to the application context and requirements while fully exploiting the reusability of security components. This paper proposes a solution that targets key security challenges of microservice-based applications. Our approach relies on a coordination of security components and offers fine-grained access control in order to minimise the risks of token theft, session manipulation, and malicious insiders; it also renders the system resilient against confused deputy attacks. This solution is based on a combination of the OAuth 2 and XACML open standards, and is achieved through reusable security components integrated with microservices.
UR - https://link.springer.com/chapter/10.1007/978-3-030-18419-3_19
U2 - 10.1007/978-3-030-18419-3_19
DO - 10.1007/978-3-030-18419-3_19
M3 - Conference publication
SN - 9783030184186
T3 - Lecture Notes in Computer Science
SP - 285
EP - 300
BT - Foundations and Practice of Security
A2 - Zincir-Heywood, N.
A2 - Bonfante, G.
A2 - Debbabi, M.
A2 - Garcia-Alfaro, J.
PB - Springer
ER -