SATURN 2019 has ended
Back To Schedule
Wednesday, May 8 • 1:00pm - 1:30pm
Microservices: Confidentiality Hates Decoupling

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Despite the benefits of microservices, this architecture has introduced some security challenges. In my talk, I will focus on the confidentiality issues associated with this contemporary architecture. My point is that microservices architecture could introduce major insider threats to data confidentiality.

First, being authorized to call a web service does not necessarily grant the user the right to request the data of any resource. Users shall always use the web services for the best interest of businesses and customers. Imagine a hospital web application that uses the microservices architecture to implement the backend web services. One web service could be responsible for returning patients’ confidential data, such as full name, address, phone number, and picture. Such a web service is needed in several places of the application. As microservices are decoupled, it would be difficult for this web service to distinguish between legitimate and illegitimate requests. As a result, a data breach could happen. Using coarse-grained web services, however, mitigates the impact of this threat. This is because each user will have access to a limited subset of the confidential data. Access to confidential data is controlled by the user’s permissions to each hospital software module.

In my talk, I will discuss this security issue, and I will propose some security countermeasures to prevent or mitigate its impact in the applications that use microservices architecture.

See the slides.

Watch the video.

avatar for Jawad Damir

Jawad Damir

Jordan University of Science and Technology
Jawad Damir holds a Master of Information Systems Management from Heinz College, Carnegie Mellon University (Class of 2011). He has worked as a software development engineer for highly prestigious companies such as Yahoo! Inc. in California and Verizon Data Services in Florida. Meanwhile... Read More →

Wednesday May 8, 2019 1:00pm - 1:30pm EDT
Grand Station 3 Sheraton Pittsburgh Hotel at Station Square