SST: A Tool to Support the Triage of Security Smells in Microservice Applications


Research field: Databases



Venue: SN Computer Science


Abstract

Microservice security smells denote possible symptoms of bad design decisions that may compromise the security of an application. Therefore, security smells should be carefully checked and possibly resolved by applying some refactorings. In this paper, we introduce SST (Security Smell Triager), an open-source tool that automates the triage of the possibly multiple instances of security smells affecting an existing microservice application, to support determining which instance is “more urgent” than others and should be considered first. SST also supports reasoning on whether/how to resolve a security smell instance through refactoring, by displaying the impact on quality attributes (like maintainability and performance efficiency) of both security smell instances and their refactoring. We also assess the usefulness of SST through a controlled experiment.


Authors
Francisco Ponce, Università di Pisa, Pisa, Italy
Andrea Malnati, Università di Milano-Bicocca, Milan, Italy
Roberto Negro, Università di Milano-Bicocca, Milan, Italy

📄 Paper information

Publication year: 2024
Citations: 0
Publication country: Italy, Chile
Site: Springer