{"id":"https://openalex.org/W7164006171","doi":"https://doi.org/10.1145/3748522.3779835","title":"A Secure Design Methodology for Microservices-Based Application","display_name":"A Secure Design Methodology for Microservices-Based Application","publication_year":2026,"publication_date":"2026-03-23","ids":{"openalex":"https://openalex.org/W7164006171","doi":"https://doi.org/10.1145/3748522.3779835"},"language":null,"primary_location":{"id":"doi:10.1145/3748522.3779835","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3748522.3779835","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 41st ACM/SIGAPP Symposium on Applied Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3748522.3779835","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012994834","display_name":"Valentina Casola","orcid":"https://orcid.org/0000-0003-0964-7014"},"institutions":[{"id":"https://openalex.org/I71267560","display_name":"University of Naples Federico II","ror":"https://ror.org/05290cv24","country_code":"IT","type":"education","lineage":["https://openalex.org/I71267560"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Valentina Casola","raw_affiliation_strings":["University Federico II of Naples, Naples, Italy"],"raw_orcid":"https://orcid.org/0000-0003-0964-7014","affiliations":[{"raw_affiliation_string":"University Federico II of Naples, Naples, Italy","institution_ids":["https://openalex.org/I71267560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5138279765","display_name":"Ciro Gallucci","orcid":"https://orcid.org/0009-0001-5633-1218"},"institutions":[{"id":"https://openalex.org/I71267560","display_name":"University of Naples Federico II","ror":"https://ror.org/05290cv24","country_code":"IT","type":"education","lineage":["https://openalex.org/I71267560"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Ciro Gallucci","raw_affiliation_strings":["University Federico II of Naples, Naples, Italy"],"raw_orcid":"https://orcid.org/0009-0001-5633-1218","affiliations":[{"raw_affiliation_string":"University Federico II of Naples, Naples, Italy","institution_ids":["https://openalex.org/I71267560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075344571","display_name":"Felice Moretta","orcid":"https://orcid.org/0009-0008-2923-8799"},"institutions":[{"id":"https://openalex.org/I197809005","display_name":"University of Campania \"Luigi Vanvitelli\"","ror":"https://ror.org/02kqnpp86","country_code":"IT","type":"education","lineage":["https://openalex.org/I197809005"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Felice Moretta","raw_affiliation_strings":["University of Campania Luigi Vanvitelli, Aversa, Italy"],"raw_orcid":"https://orcid.org/0009-0008-2923-8799","affiliations":[{"raw_affiliation_string":"University of Campania Luigi Vanvitelli, Aversa, Italy","institution_ids":["https://openalex.org/I197809005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068111307","display_name":"Massimiliano Rak","orcid":"https://orcid.org/0000-0001-6708-4032"},"institutions":[{"id":"https://openalex.org/I71267560","display_name":"University of Naples Federico II","ror":"https://ror.org/05290cv24","country_code":"IT","type":"education","lineage":["https://openalex.org/I71267560"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Massimiliano Rak","raw_affiliation_strings":["University Federico II of Naples, Naples, Italy"],"raw_orcid":"https://orcid.org/0000-0001-6708-4032","affiliations":[{"raw_affiliation_string":"University Federico II of Naples, Naples, Italy","institution_ids":["https://openalex.org/I71267560"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5012994834"],"corresponding_institution_ids":["https://openalex.org/I71267560"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.96206579,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1560","last_page":"1562"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9785000085830688,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9785000085830688,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.003700000001117587,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.0024999999441206455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/microservices","display_name":"Microservices","score":0.8676000237464905},{"id":"https://openalex.org/keywords/metamodeling","display_name":"Metamodeling","score":0.5048999786376953},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4821000099182129},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.460099995136261},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.426800012588501},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.3569999933242798},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.3538999855518341}],"concepts":[{"id":"https://openalex.org/C2778505942","wikidata":"https://www.wikidata.org/wiki/Q18344624","display_name":"Microservices","level":3,"score":0.8676000237464905},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7290999889373779},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5795999765396118},{"id":"https://openalex.org/C86610423","wikidata":"https://www.wikidata.org/wiki/Q1925081","display_name":"Metamodeling","level":2,"score":0.5048999786376953},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4821000099182129},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.460099995136261},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.426800012588501},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3569999933242798},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.3538999855518341},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.35280001163482666},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.305400013923645},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.29739999771118164},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.2921999990940094},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.27959999442100525},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2734000086784363},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2680000066757202},{"id":"https://openalex.org/C509989072","wikidata":"https://www.wikidata.org/wiki/Q15188241","display_name":"Model-driven architecture","level":4,"score":0.2635999917984009},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.25130000710487366}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3748522.3779835","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3748522.3779835","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 41st ACM/SIGAPP Symposium on Applied Computing","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3748522.3779835","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3748522.3779835","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 41st ACM/SIGAPP Symposium on Applied Computing","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.4344753324985504,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W2027963337","https://openalex.org/W2982155348","https://openalex.org/W3001443755","https://openalex.org/W3012308217","https://openalex.org/W4210629855","https://openalex.org/W4292158479","https://openalex.org/W4385412366","https://openalex.org/W4385730964","https://openalex.org/W4400976803","https://openalex.org/W4402158429"],"related_works":[],"abstract_inverted_index":{"Microservices":[0],"architectures":[1],"have":[2],"become":[3],"the":[4,39,53,75,86,98,124],"standard":[5],"for":[6,32,126,134],"distributed":[7],"application":[8,96],"development":[9],"but":[10],"introduce":[11],"significant":[12],"security":[13,83,107,132],"challenges":[14],"that":[15],"traditional":[16],"Secure":[17],"Development":[18],"Lifecycle":[19],"methods":[20],"struggle":[21],"to":[22],"address.":[23],"This":[24],"preliminary":[25],"work":[26,122],"presents":[27],"an":[28,114],"automated,":[29],"model-driven":[30,129],"methodology":[31],"supporting":[33],"Security-by-Design":[34],"in":[35],"microservices":[36,95],"applications,":[37],"combining":[38],"MetaSEnD":[40],"metamodel":[41],"with":[42,81,109],"DevSecOps":[43],"practices.":[44],"Starting":[45],"from":[46],"declarative":[47],"specifications":[48],"(e.g.,":[49],"Docker":[50],"Compose":[51],"files),":[52],"system":[54],"automatically":[55],"generates":[56],"a":[57,93,118],"Multipurpose":[58],"Application":[59],"Composition":[60],"Model":[61],"(MACM)":[62],"and":[63,104,130],"derives":[64],"security-relevant":[65],"information":[66],"through":[67],"graph-based":[68],"analysis.":[69],"The":[70],"resulting":[71],"threat":[72,102],"model":[73],"enables":[74],"creation":[76],"of":[77,100],"customized":[78],"DevSec-Ops":[79],"pipelines":[80],"integrated":[82],"tools":[84],"across":[85],"CI/CD":[87],"cycle.":[88],"A":[89],"first":[90],"validation":[91],"on":[92],"benchmark":[94],"demonstrates":[97],"feasibility":[99],"automating":[101],"identification":[103],"integrating":[105],"continuous":[106],"testing":[108],"limited":[110],"manual":[111],"effort.":[112],"As":[113],"initial":[115],"step":[116],"toward":[117],"broader":[119],"methodology,":[120],"this":[121],"lays":[123],"foundation":[125],"more":[127],"comprehensive":[128],"automated":[131],"processes":[133],"cloud-native":[135],"systems.":[136]},"counts_by_year":[],"updated_date":"2026-06-10T14:10:52.464848","created_date":"2026-06-10T00:00:00"}