{"id":"https://openalex.org/W4399114138","doi":"https://doi.org/10.1109/access.2024.3406500","title":"A Systematic Literature Review of Inter-Service Security Threats and Mitigation Strategies in Microservice Architectures","display_name":"A Systematic Literature Review of Inter-Service Security Threats and Mitigation Strategies in Microservice Architectures","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4399114138","doi":"https://doi.org/10.1109/access.2024.3406500"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3406500","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3406500","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10540127.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10540127.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015216712","display_name":"Philipp Haindl","orcid":"https://orcid.org/0000-0001-6075-5286"},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Philipp Haindl","raw_affiliation_strings":["Department of Computer Science and Security, St. Pölten University of Applied Sciences, St. Pölten, Austria"],"raw_orcid":"https://orcid.org/0000-0001-6075-5286","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Security, St. Pölten University of Applied Sciences, St. Pölten, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013592673","display_name":"Patrick Kochberger","orcid":"https://orcid.org/0000-0002-0898-9824"},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Patrick Kochberger","raw_affiliation_strings":["Department of Computer Science and Security, St. Pölten University of Applied Sciences, St. Pölten, Austria"],"raw_orcid":"https://orcid.org/0000-0002-0898-9824","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Security, St. Pölten University of Applied Sciences, St. Pölten, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5098920394","display_name":"Markus Sveggen","orcid":null},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Sveggen","raw_affiliation_strings":["Department of Computer Science and Security, St. Pölten University of Applied Sciences, St. Pölten, Austria"],"raw_orcid":"https://orcid.org/0009-0003-8079-1649","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Security, St. Pölten University of Applied Sciences, St. Pölten, Austria","institution_ids":["https://openalex.org/I25485817"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015216712"],"corresponding_institution_ids":["https://openalex.org/I25485817"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":7.8661,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.97789538,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"12","issue":null,"first_page":"90252","last_page":"90286"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7524727582931519},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5805835723876953},{"id":"https://openalex.org/keywords/systematic-review","display_name":"Systematic review","score":0.4301711916923523},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.4278663694858551},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3478057384490967},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.13924014568328857}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7524727582931519},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5805835723876953},{"id":"https://openalex.org/C189708586","wikidata":"https://www.wikidata.org/wiki/Q1504425","display_name":"Systematic review","level":3,"score":0.4301711916923523},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.4278663694858551},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3478057384490967},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.13924014568328857},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C2779473830","wikidata":"https://www.wikidata.org/wiki/Q1540899","display_name":"MEDLINE","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2024.3406500","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3406500","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10540127.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:98b3ad1a2bab47d39d89c1d22f3c6909","is_oa":true,"landing_page_url":"https://doaj.org/article/98b3ad1a2bab47d39d89c1d22f3c6909","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 12, Pp 90252-90286 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3406500","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3406500","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10540127.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/13","display_name":"Climate action","score":0.4000000059604645}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4399114138.pdf"},"referenced_works_count":37,"referenced_works":["https://openalex.org/W1474974215","https://openalex.org/W1562463929","https://openalex.org/W1969939902","https://openalex.org/W1975675278","https://openalex.org/W1999798506","https://openalex.org/W2008411739","https://openalex.org/W2036625200","https://openalex.org/W2106956101","https://openalex.org/W2128961774","https://openalex.org/W2133933998","https://openalex.org/W2142168034","https://openalex.org/W2576385362","https://openalex.org/W2620482464","https://openalex.org/W2753691335","https://openalex.org/W2791003924","https://openalex.org/W2799310732","https://openalex.org/W2883262966","https://openalex.org/W2893989659","https://openalex.org/W2963026732","https://openalex.org/W3010782494","https://openalex.org/W3011512329","https://openalex.org/W3041871477","https://openalex.org/W3112143385","https://openalex.org/W3121723636","https://openalex.org/W3128695215","https://openalex.org/W3144543375","https://openalex.org/W3158009416","https://openalex.org/W4206010938","https://openalex.org/W4214831727","https://openalex.org/W4221123049","https://openalex.org/W4280556079","https://openalex.org/W4281665710","https://openalex.org/W4285278513","https://openalex.org/W4291213652","https://openalex.org/W4377941332","https://openalex.org/W4381847852","https://openalex.org/W4387041772"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Ensuring":[0],"security":[1,63,80,90,141,161,175,199,219,243],"is":[2,152],"of":[3,28,46,79,88,99,156,241],"paramount":[4],"importance":[5],"in":[6,76,91,119,164,205,217,229],"microservice":[7,92,109,206,218],"architectures,":[8],"given":[9],"their":[10,202],"distributed":[11],"nature,":[12],"involving":[13],"numerous":[14],"services":[15,50],"and":[16,52,58,82,106,145,148,167,183,201,223,232],"network-spanning":[17],"interactions.":[18],"This":[19,65],"architectural":[20],"style,":[21],"which":[22,48],"can":[23],"comprise":[24],"hundreds":[25],"to":[26,38,140,220],"thousands":[27],"services,":[29],"inherently":[30],"presents":[31,67],"a":[32,68,112,153,196,214],"more":[33,172],"extensive":[34,178],"attack":[35,143],"surface":[36],"compared":[37],"traditional":[39],"monolithic":[40],"applications.":[41],"Moreover,":[42],"the":[43,62,77,86,97,120,130,192,211,230,238],"polyglot":[44],"nature":[45],"microservices,":[47],"encompasses":[49],"developed":[51],"deployed":[53],"using":[54],"diverse":[55],"programming":[56],"languages":[57],"technologies,":[59],"further":[60],"complicates":[61],"landscape.":[64],"paper":[66],"systematic":[69],"literature":[70,231],"review,":[71],"analyzing":[72],"54":[73],"publications":[74],"specifically":[75],"context":[78],"threats":[81,135,200],"mitigation":[83,203],"strategies":[84,170,204],"within":[85],"area":[87],"inter-service":[89,165],"architectures.":[93,207],"We":[94],"observed":[95],"that":[96],"majority":[98],"studies":[100,236],"focus":[101],"on":[102,159,180,237],"presenting":[103],"methods,":[104],"models,":[105],"guidelines":[107],"for":[108,194,213],"security,":[110],"with":[111,126,177],"significant":[113],"portion":[114],"validating":[115],"these":[116],"approaches.":[117],"Publications":[118],"field":[121],"have":[122],"increased":[123],"since":[124],"2015,":[125],"conference":[127],"papers":[128],"being":[129],"most":[131],"common":[132],"type.":[133],"Security":[134],"identified":[136,188],"are":[137],"mainly":[138],"related":[139],"perimeters,":[142],"surfaces,":[144],"inadequate":[146],"monitoring":[147],"intrusion":[149],"detection.":[150],"There":[151],"notable":[154],"lack":[155],"comprehensive":[157],"analysis":[158],"specific":[160],"threats,":[162,176],"particularly":[163],"authentication":[166],"communication.":[168],"Mitigation":[169],"receive":[171],"attention":[173],"than":[174],"discussion":[179],"infrastructure":[181],"defense":[182],"secure":[184],"coding":[185],"practices.":[186],"The":[187],"research":[189],"gap":[190],"highlights":[191],"need":[193],"establishing":[195],"connection":[197],"between":[198],"It":[208],"also":[209],"underscores":[210],"necessity":[212],"standardized":[215],"taxonomy":[216],"clarify":[221],"terminology":[222],"consolidate":[224],"best":[225],"practices,":[226],"addressing":[227],"inconsistencies":[228],"guiding":[233],"future":[234],"empirical":[235],"practical":[239],"challenges":[240],"implementing":[242],"measures.":[244]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":4}],"updated_date":"2026-06-06T09:05:17.133730","created_date":"2025-10-10T00:00:00"}