Formal Methods for Verifying Authorization Policy in Microservice Systems

Formal Methods for Verifying Authorization Policy in Microservice Systems

연구 분야: Software Development

학회: 2025 IEEE International Conference on Service-Oriented System Engineering (SOSE)

In microservice systems, decentralized development can lead to inconsistent authorization policy implementations across services, potentially allowing users to perform operations they should not be authorized to or blocking legitimate operations. Detecting such inconsistencies requires complex, distributed analysis. We introduce an automated methodology that applies formal methods on microservice system source code for detecting and fixing these errors, reducing developer burden. A prototype implementation shows promising accuracy when applied on a popular, mid-sized microservice system benchmark.