USI - Email

Archive / INF Seminars / INF_2023_04_25_Patric_Genfer

USI - Email

	On the Understandability of Security Tactics for Microservice APIs

Chair: Prof. Cesare Pautasso

Tuesday

25.04

USI Campus Est, room D1.14, Sector D

16:30 - 17:30


	Patric Genfer University of Vienna

Abstract:
Microservice architectures have become a popular approach for building scalable distributed systems. However, designing robust microservice systems is challenging, and running them in public cloud infrastructures can pose security risks. While various guidelines and best practices exist to implement secure microservice communication, understanding and implementing these security features takes considerable time and effort, especially for novice developers and software architects.
To support architects in their tasks and help them in their decision-making process, we developed an approach to semi-automatically generate an abstract component model from existing microservice systems and annotate our model with additional security tactics we identified prior as part of our research. Based on our model, we were further able to calculate various security metrics to assess the different features of the system in question.
To study how well our component models help architects understand security tactics, during the seminar we will conduct a controlled experiment with two example microservice reference implementations.
For this, we created a questionnaire with different comprehension questions regarding the security aspects of these systems. The survey participants split into two groups, with one group relying solely on the informal system documentation while the other with additional access to our generated component diagrams with security annotations.
We aim to investigate how well our diagrams affect the correctness and duration of the participant’s behavior in understanding the security concepts used throughout the system.

Biography:
Patric Genfer is a researcher at the Faculty of Computer Science, University of Vienna, Austria, focusing on quality analytics of microservice architectures. He holds degrees in computer science from the Konstanz University of Applied Science, Germany, and the Vienna University of Technology (TU Wien).
Additionally, he has gained considerable industry experience by working in various industrial companies in diverse software engineering and architecture roles. Currently, Patric is pursuing a doctoral degree in computer science at the University of Vienna, Austria in the context of a DACH project in collaboration with the USI Software Institute.
In his leisure time, he enjoys working on diverse side projects, such as developing a conceptual UML designer, writing a blog about different software development topics, and learning Rust.