Building Secure Environments for Microservices

Microservice-based architectures are widely used in modern software and the number of cyber attacks on software is increasing. It is essential to make microservices more reliable and resilient against cyber attacks. In this paper, we propose a methodology to detect configurations of computing systems that host microservices and containers, evaluate cyber risks of their essential components in an automatic continuous mode, and reconfigure environments aiming to make them less vulnerable against cyber attacks. Our solution supports multiple operating systems and hardware configurations. For cyber risk evaluation, our approach relies on a public database of Common Vulnerabilities and Exposures for software and hardware, as well as penetration testing and static analysis. Furthermore, the cyber risk evaluation model considers the attributes of microservices, such as their privilege level. We will show least and most vulnerable configurations for computing systems that use popular operating systems and applications.