Development of secure containerized applications with a microservices architecture

Спасітєлєва, Світлана Олексіївна and Чичкань, І. and Шевченко, Світлана Миколаївна and Жданова, Юлія Дмитрівна (2023) Development of secure containerized applications with a microservices architecture Кібербезпека: освіта, наука, техніка, 1 (21). pp. 193-210.

[thumbnail of S_Spasitielieva_Kiberbezpeka_21_203_FITM.pdf] Text
S_Spasitielieva_Kiberbezpeka_21_203_FITM.pdf

Download (882kB)

Abstract

The article analyzes approaches to software development that allow creating complex container applications with a microservice architecture based on automation tools and flexible development methods.The development of cloud technologies, the global strategy of containerization, the modernization of the application architecture, and the increase in security requirements have led to a change in the application development methodology.The study aims to determine approaches to increase the speed of development, security and quality of software code of containerized applications by implementing security principles and automation tools at all stages of the life cycle.Features and development prospects of microservice applications deployed in a container environment are considered. The advantages of the container infrastructure are defined: mobility, scalability, an additional level of microservice security.Containers provide an isolated environment for running a microservices, this reduces the risk of security vulnerabilities and simplifies interaction between microservices. The article identifies the security problems of microservice applications and the main vulnerabilities associated with the use of containers. It is determined that DevSecOps methodology allows implementing modern practice of continuous integration, continuous delivery, continuous application deployment and integration of security tools at all lifecycle stages.DevSecOps describes development processes, deployment and operation processes using Security as Code and Infrastructure as Code practices. The research describes the model for developingand deploying microservice applications with containerization, defines the security domains, and the security controls for DevSecOps development pipeline. Based on this model, the main security control tools that must be used at all development and deployment pipeline stages are defined. The article proves that the considered technique regulates the implementation of given security procedures at all stages of the pipeline, allows to reduce development time and improve code quality for container applications with a microservices architecture

Item Type: Article
Additional Information: https://doi.org/10.28925/2663-4023.2023.21.193210
Uncontrolled Keywords: microservice architecture; container; DevSecOps; application security; security vulnerabilities
Subjects: Це архівна тематика Київського університету імені Бориса Грінченка > Статті у журналах > Фахові (входять до переліку фахових, затверджений МОН)
Divisions: Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Depositing User: Світлана Олексіївна Спасітєлєва
Date Deposited: 14 Nov 2023 12:02
Last Modified: 20 Nov 2023 11:08
URI: https://elibrary.kubg.edu.ua/id/eprint/46852

Actions (login required)

View Item View Item