Analysis of Client Side Vulnerabilities in Microservice-based Systems

Please enable javascript in your browser.

Basiri Abarghouei, Mohammad | 2023

38 Viewed

Type of Document: M.Sc. Thesis
Language: Farsi
Document No: 56428 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Kharrazi, Mehdi
Abstract:
Nowadays, software systems face many challenges that relate to their maintenance, scalability, and development. To address these challenges, many large software systems have moved away from monolithic architecture and adopted a microservicesbased architecture. However, microservices-based systems face security challenges due to their distributed nature, complex dependencies, and diverse implementation technologies. This study specifically examines architecture-based threats, which fall under the program logic-based category. Previous research has required access to the server-side architecture to recover the architecture of the system, but this study proposes a method for recovering the server-side architecture using only client-side clues, without requiring server-side access. Finally, the study presents several scenarios of architecture-based attacks, which demonstrate how attackers could exploit architecture-based information to increase the impact of their attacks
Keywords:
Microservices ; Architecture-Based Threats ; Server-Side Architecture ; Vulnerability Analysis ; Side Channel Attacks