{"id":"https://openalex.org/W4377941332","doi":"https://doi.org/10.1145/3589608.3594742","title":"Sidecar-based Path-aware Security for Microservices","display_name":"Sidecar-based Path-aware Security for Microservices","publication_year":2023,"publication_date":"2023-05-24","ids":{"openalex":"https://openalex.org/W4377941332","doi":"https://doi.org/10.1145/3589608.3594742"},"language":"en","primary_location":{"id":"doi:10.1145/3589608.3594742","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3589608.3594742","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021410622","display_name":"Catherine Meadows","orcid":"https://orcid.org/0009-0006-0673-711X"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Catherine Meadows","raw_affiliation_strings":["George Washington University, Washington, DC, DC, USA"],"affiliations":[{"raw_affiliation_string":"George Washington University, Washington, DC, DC, USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071512499","display_name":"Sena Hounsinou","orcid":"https://orcid.org/0000-0002-4187-6135"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sena Hounsinou","raw_affiliation_strings":["University of Colorado Colorado Springs, Colorado Springs, CO, USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs, Colorado Springs, CO, USA","institution_ids":["https://openalex.org/I888729015"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020963730","display_name":"Timothy Wood","orcid":"https://orcid.org/0000-0002-6728-4197"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Timothy Wood","raw_affiliation_strings":["George Washington University, Washington, DC, DC, USA"],"affiliations":[{"raw_affiliation_string":"George Washington University, Washington, DC, DC, USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055170166","display_name":"Gedare Bloom","orcid":"https://orcid.org/0000-0002-5677-7092"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gedare Bloom","raw_affiliation_strings":["University of Colorado Colorado Springs, Colorado Springs , CO, USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs, Colorado Springs , CO, USA","institution_ids":["https://openalex.org/I888729015"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5021410622"],"corresponding_institution_ids":["https://openalex.org/I193531525"],"apc_list":null,"apc_paid":null,"fwci":2.7824,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.90827884,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"157","last_page":"162"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/microservices","display_name":"Microservices","score":0.9432624578475952},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8183712363243103},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.6381929516792297},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.620826780796051},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5444035530090332},{"id":"https://openalex.org/keywords/trusted-computing-base","display_name":"Trusted computing base","score":0.5220099091529846},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4963138699531555},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.49168020486831665},{"id":"https://openalex.org/keywords/trusted-computing","display_name":"Trusted Computing","score":0.485277384519577},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47745421528816223},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4681418538093567},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.42777252197265625},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.4254147708415985},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.42513179779052734},{"id":"https://openalex.org/keywords/single-point-of-failure","display_name":"Single point of failure","score":0.41056540608406067},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35698962211608887},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.22950094938278198},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.1771986186504364},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17344045639038086}],"concepts":[{"id":"https://openalex.org/C2778505942","wikidata":"https://www.wikidata.org/wiki/Q18344624","display_name":"Microservices","level":3,"score":0.9432624578475952},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8183712363243103},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.6381929516792297},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.620826780796051},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5444035530090332},{"id":"https://openalex.org/C147346212","wikidata":"https://www.wikidata.org/wiki/Q5492632","display_name":"Trusted computing base","level":4,"score":0.5220099091529846},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4963138699531555},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.49168020486831665},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.485277384519577},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47745421528816223},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4681418538093567},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.42777252197265625},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.4254147708415985},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.42513179779052734},{"id":"https://openalex.org/C165136773","wikidata":"https://www.wikidata.org/wiki/Q1363179","display_name":"Single point of failure","level":2,"score":0.41056540608406067},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35698962211608887},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.22950094938278198},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.1771986186504364},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17344045639038086},{"id":"https://openalex.org/C136264566","wikidata":"https://www.wikidata.org/wiki/Q159810","display_name":"Economy","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3589608.3594742","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3589608.3594742","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6299999952316284,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G1671621323","display_name":null,"funder_award_id":"H98230-21-1-0155","funder_id":"https://openalex.org/F4320311089","funder_display_name":"National Security Agency"},{"id":"https://openalex.org/G2811237814","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G7782065390","display_name":null,"funder_award_id":"N000142212084","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G7845798442","display_name":null,"funder_award_id":"H98230","funder_id":"https://openalex.org/F4320311089","funder_display_name":"National Security Agency"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320311089","display_name":"National Security Agency","ror":"https://ror.org/0047bvr32"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2400282174","https://openalex.org/W2576385362","https://openalex.org/W2740279154","https://openalex.org/W2793149689","https://openalex.org/W2849203795","https://openalex.org/W2863168017","https://openalex.org/W2914630606","https://openalex.org/W2954090088","https://openalex.org/W2987467625","https://openalex.org/W3122360645","https://openalex.org/W3158912279","https://openalex.org/W4282578031"],"related_works":["https://openalex.org/W2900883736","https://openalex.org/W2983886004","https://openalex.org/W4312384233","https://openalex.org/W2922761213","https://openalex.org/W3174927864","https://openalex.org/W2953599647","https://openalex.org/W2998983696","https://openalex.org/W3195032555","https://openalex.org/W2162600177","https://openalex.org/W4377941332"],"abstract_inverted_index":{"Microservice":[0],"architectures":[1],"decompose":[2],"web":[3],"applications":[4],"into":[5],"loosely-coupled,":[6],"distributed":[7],"components":[8,137],"that":[9,39,92,138],"interact":[10],"with":[11],"each":[12,106],"other":[13],"to":[14,42,96,132],"provide":[15],"an":[16],"overall":[17],"service.":[18],"While":[19],"this":[20],"popular":[21],"software":[22,53],"architecture":[23],"paradigm":[24],"has":[25],"many":[26,75],"advantages":[27],"in":[28],"development":[29],"and":[30,45,88,113,143],"deployment,":[31],"it":[32],"also":[33],"introduces":[34],"a":[35,62,83,133,144],"wider":[36],"attack":[37,146],"surface":[38],"is":[40],"vulnerable":[41],"both":[43],"internal":[44],"external":[46],"attackers.":[47],"Potentially":[48],"malicious":[49],"third-party":[50],"services":[51],"or":[52],"packages,":[54],"as":[55,57],"well":[56],"increased":[58],"communication":[59],"endpoints,":[60],"introduce":[61],"wide":[63],"array":[64],"of":[65,72,76,136],"security":[66],"concerns.":[67],"To":[68],"improve":[69],"the":[70,124,130],"resiliency":[71],"microservice-based":[73],"applications,":[74],"which":[77],"store":[78],"sensitive":[79],"data,":[80],"we":[81],"propose":[82,100],"novel,":[84],"path-based":[85],"anomaly":[86,111],"detection":[87,112],"access":[89],"control":[90],"infrastructure":[91],"requires":[93],"no":[94],"modifications":[95],"existing":[97],"software.":[98],"We":[99],"leveraging":[101],"trusted":[102,125],"proxies":[103],"deployed":[104],"alongside":[105],"service":[107],"for":[108,117,140],"request":[109],"inspection,":[110],"signed":[114],"token":[115],"propagation":[116],"end-user":[118],"path":[119],"validation.":[120],"Our":[121],"approach":[122],"reduces":[123],"computing":[126],"base":[127],"away":[128],"from":[129],"microservices":[131],"smaller":[134,145],"set":[135],"allow":[139],"less":[141],"trust":[142],"surface.":[147]},"counts_by_year":[{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}