Security Mechanisms Used in Microservices-Based Systems: A Systematic Mapping

Abstract

Microservices is an architectural style that conceives systems as a modular, costumer, independent and scalable suite of services; it offers several advantages but its growing popularity has given rise to security challenges. Building secure systems is greatly helped by deploying existing security mechanisms, but current literature does not guide developers about which mechanisms are actually used by developers of microservicesbased systems. This article describes the design and results of a systematic mapping study to identify the security mechanisms used in microservices-based systems described in the literature. The study yielded 321 articles, of which 26 are primary studies. Key findings are that (i) the studies mention 18 security mechanisms; (ii) the most mentioned security mechanisms are authentication, authorization and credentials; and (iii) almost 2/3 of security mechanisms focus on stopping or mitigating attacks, but none on recovering from them. Additionally, it emerges that experiments and case studies are the most used empirical strategies in microservices security research. The clear identification of most-used security solutions will facilitate the reuse of existing architectural knowledge to address security problems in microservices-based systems.