{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T10:14:28Z","timestamp":1753870468384,"version":"3.41.2"},"reference-count":56,"publisher":"Wiley","issue":"10","license":[{"start":{"date-parts":[[2024,6,27]],"date-time":"2024-06-27T00:00:00Z","timestamp":1719446400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["BE2021002\u20102"],"award-info":[{"award-number":["BE2021002\u20102"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["ZZKT2022A25","KFKT2022A09","KFKT2023A09","KFKT2023A10"],"award-info":[{"award-number":["ZZKT2022A25","KFKT2022A09","KFKT2023A09","KFKT2023A10"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100005416","name":"Norges Forskningsr\u00e5d","doi-asserted-by":"publisher","award":["62072227","62202219","62302210"],"award-info":[{"award-number":["62072227","62202219","62302210"]}],"id":[{"id":"10.13039\/501100005416","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["J Software Evolu Process"],"published-print":{"date-parts":[[2024,10]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Microservice architecture (MSA) is a mainstream architectural style due to its high maintainability and scalability. In practice, an appropriate microservice\u2010oriented decomposition is the foundation to make a system enjoy the benefits of MSA. In terms of decomposing monolithic systems into microservices, researchers have been exploring many optimization objectives, of which modularity is a predominantly focused quality attribute. Security is also a critical quality attribute, that measures the extent to which a system protects data from malicious access or use by attackers. Considering security in microservices\u2010oriented decomposition can help avoid the risk of leaking critical data and other unexpected software security issues. However, few researchers consider the security objective during microservice\u2010oriented decomposition, because the measurement of security and the trade\u2010off with other objectives are challenging in reality. To bridge this research gap, we propose a security\u2010optimized approach for microservice\u2010oriented decomposition (So4MoD). In this approach, we adapt five metrics from previous studies for the measurement of the data security of candidate microservices. A multi\u2010objective optimization algorithm based on NSGA\u2010II is designed to search for microservices with optimized security and modularity. To validate the effectiveness of the proposed So4MoD, we perform several experiments on eight open\u2010source projects and compare the decomposition results to other three state\u2010of\u2010the\u2010art approaches, that is, FoSCI, CO\u2010GCN, and MSExtractor. The experiment results show that our approach can achieve at least an 11.5% improvement in terms of security metrics. Moreover, the decomposition results of So4MoD outperform other approaches in four modularity metrics, demonstrating that So4MoD can optimize data security while pursuing a well\u2010modularized MSA.<\/jats:p>","DOI":"10.1002\/smr.2670","type":"journal-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T05:20:42Z","timestamp":1719552042000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards a security\u2010optimized approach for the microservice\u2010oriented decomposition"],"prefix":"10.1002","volume":"36","author":[{"given":"Xiaodong","family":"Liu","sequence":"first","affiliation":[{"name":"Software Institute Nanjing University  Nanjing China"},{"name":"State Key Laboratory for Novel Software Technology Nanjing University  Nanjing China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-5196-753X","authenticated-orcid":false,"given":"Zhikun","family":"Chen","sequence":"additional","affiliation":[{"name":"Software Institute Nanjing University  Nanjing China"},{"name":"State Key Laboratory for Novel Software Technology Nanjing University  Nanjing China"}]},{"given":"Yu","family":"Qian","sequence":"additional","affiliation":[{"name":"Software Institute Nanjing University  Nanjing China"},{"name":"State Key Laboratory for Novel Software Technology Nanjing University  Nanjing China"}]},{"given":"Chenxing","family":"Zhong","sequence":"additional","affiliation":[{"name":"Software Institute Nanjing University  Nanjing China"},{"name":"State Key Laboratory for Novel Software Technology Nanjing University  Nanjing China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1296-4363","authenticated-orcid":false,"given":"Huang","family":"Huang","sequence":"additional","affiliation":[{"name":"State Grid Nanjing Power Supply Company  Nanjing China"}]},{"given":"Shanshan","family":"Li","sequence":"additional","affiliation":[{"name":"Software Institute Nanjing University  Nanjing China"},{"name":"State Key Laboratory for Novel Software Technology Nanjing University  Nanjing China"}]},{"given":"Dong","family":"Shao","sequence":"additional","affiliation":[{"name":"Software Institute Nanjing University  Nanjing China"},{"name":"State Key Laboratory for Novel Software Technology Nanjing University  Nanjing China"}]}],"member":"311","published-online":{"date-parts":[[2024,6,27]]},"reference":[{"key":"e_1_2_11_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2910531"},{"key":"e_1_2_11_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2022.106992"},{"key":"e_1_2_11_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.02.031"},{"key":"e_1_2_11_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106449"},{"key":"e_1_2_11_6_1","doi-asserted-by":"crossref","unstructured":"ZhouX HuangH ZhangH HuangX ShaoD ZhongC.A cross\u2010company ethnographic study on software teams for DevOps and microservices: organization benefits and issues. In: Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice.Association for Computing Machinery;2022:1\u201010.","DOI":"10.1145\/3510457.3513054"},{"key":"e_1_2_11_7_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.3138"},{"key":"e_1_2_11_8_1","doi-asserted-by":"crossref","unstructured":"ZhangH LiS JiaZ ZhongC ZhangC.Microservice architecture in reality: an industrial inquiry. In: 2019 IEEE International Conference on Software Architecture (ICSA).IEEE;2019:51\u201060.","DOI":"10.1109\/ICSA.2019.00014"},{"key":"e_1_2_11_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2022.106996"},{"key":"e_1_2_11_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.07.008"},{"key":"e_1_2_11_11_1","doi-asserted-by":"crossref","unstructured":"HassanS AliN BahsoonR.Microservice ambients: an architectural meta\u2010modelling approach for microservice granularity. In: 2017 IEEE International Conference on Software Architecture.IEEE;2017:1\u201010.","DOI":"10.1109\/ICSA.2017.32"},{"key":"e_1_2_11_12_1","doi-asserted-by":"crossref","unstructured":"DesaiU BandyopadhyayS TamilselvamS.Graph neural network to dilute outliers for refactoring monolith application. In: Proceedings of the AAAI Conference on Artificial Intelligence.AAAI Press;2021:72\u201080.","DOI":"10.1609\/aaai.v35i1.16079"},{"key":"e_1_2_11_13_1","doi-asserted-by":"crossref","unstructured":"KaliaAK XiaoJ KrishnaR SinhaS VukovicM BanerjeeD.Mono2Micro: a practical and effective tool for decomposing monolithic Java applications to microservices. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.Association for Computing Machinery;2021:1214\u20101224.","DOI":"10.1145\/3468264.3473915"},{"key":"e_1_2_11_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111670"},{"key":"e_1_2_11_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1027092.1027094"},{"key":"e_1_2_11_16_1","doi-asserted-by":"crossref","unstructured":"CarvalhoL GarciaA ColanziTE et al.On the performance and adoption of search\u2010based microservice identification with toMicroservices. In: Proceedings of the 36th International Conference on Software Maintenance and Evolution.IEEE;2020:569\u2010580.","DOI":"10.1109\/ICSME46990.2020.00060"},{"key":"e_1_2_11_17_1","unstructured":"LiX ChenY LinZ WangX ChenJH.Automatic policy generation for {Inter\u2212Service} access control of microservices. In: 30th Usenix Security Symposium (Usenix Security 21).USENIX Association;2021:3971\u20103988."},{"key":"e_1_2_11_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2020.101590"},{"key":"e_1_2_11_19_1","doi-asserted-by":"crossref","unstructured":"ZdunU StockerM ZimmermannO PautassoC L\u00fcbkeD.Guiding architectural decision making on quality aspects in microservice APIs. In: Service\u2010Oriented Computing: 16th International Conference ICSOC 2018 Hangzhou China November 12\u201315 2018 Proceedings 16.Springer;2018:73\u201089.","DOI":"10.1007\/978-3-030-03596-9_5"},{"key":"e_1_2_11_20_1","doi-asserted-by":"crossref","unstructured":"VistbakkaI TroubitsynaE.Formalising privacy\u2010preserving constraints in microservices architecture. In: Formal Methods and Software Engineering: 22nd International Conference on Formal Engineering Methods ICFEM 2020 Singapore Singapore March 1\u20133 2021 Proceedings 22.Springer;2020:308\u2010317.","DOI":"10.1007\/978-3-030-63406-3_19"},{"volume-title":"Computer Security: Principles and Practice","year":"2015","author":"Stallings W","key":"e_1_2_11_21_1"},{"key":"e_1_2_11_22_1","doi-asserted-by":"publisher","DOI":"10.1177\/20539517211017308"},{"key":"e_1_2_11_23_1","doi-asserted-by":"crossref","unstructured":"GibsonB TownesS LewisD BhuniaS.Vulnerability in massive API scraping: 2021 LinkedIn data breach. In: 2021 International Conference on Computational Science and Computational Intelligence (CSCI).IEEE;2021:777\u2010782.","DOI":"10.1109\/CSCI54926.2021.00191"},{"key":"e_1_2_11_24_1","doi-asserted-by":"crossref","unstructured":"ReddingD AngJ BhuniaS.A case study of massive API scrapping: Parler data breach after the capitol riot. In: 2022 7th International Conference on Smart and Sustainable Technologies (SPLITECH).IEEE;2022:1\u20107.","DOI":"10.23919\/SpliTech55088.2022.9854293"},{"key":"e_1_2_11_25_1","doi-asserted-by":"crossref","unstructured":"GenferP ZdunU.Avoiding excessive data exposure through microservice APIs. In: European Conference on Software Architecture.Springer;2022:3\u201018.","DOI":"10.1007\/978-3-031-16697-6_1"},{"key":"e_1_2_11_26_1","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.779"},{"key":"e_1_2_11_27_1","doi-asserted-by":"crossref","unstructured":"AlshammariB FidgeC CorneyD.Security metrics for object\u2010oriented designs. In: 2010 21st Australian Software Engineering Conference.IEEE;2010:55\u201064.","DOI":"10.1109\/ASWEC.2010.34"},{"issue":"3","key":"e_1_2_11_28_1","first-page":"864","article-title":"How does refactoring impact security when improving quality? A security\u2010aware refactoring approach","volume":"48","author":"Abid C","year":"2020","journal-title":"IEEE Trans Softw Eng"},{"key":"e_1_2_11_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359981"},{"key":"e_1_2_11_30_1","doi-asserted-by":"crossref","unstructured":"AdewumiA MisraS OmoregbeN.Evaluating open source software quality models against ISO 25010. In: 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable Autonomic and Secure Computing; Pervasive Intelligence and Computing.IEEE;2015:872\u2010877.","DOI":"10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.130"},{"key":"e_1_2_11_31_1","doi-asserted-by":"publisher","DOI":"10.1002\/smr.1843"},{"key":"e_1_2_11_32_1","doi-asserted-by":"crossref","unstructured":"MillhamR DogbeE.Aspect\u2010oriented security and exception handling within an object oriented system. In: 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops.IEEE;2011:321\u2010326.","DOI":"10.1109\/COMPSACW.2011.60"},{"key":"e_1_2_11_33_1","doi-asserted-by":"crossref","unstructured":"EdgeC MitropoulosF.Improving security design patterns with aspect\u2010oriented strategies. In: Proceedings of the 50th Annual Southeast Regional Conference.Association for Computing Machinery;2012:24\u201029.","DOI":"10.1145\/2184512.2184519"},{"key":"e_1_2_11_34_1","unstructured":"AlebrahimA TunTT YuY HeiselM NuseibehB.An aspect\u2010oriented approach to relating security requirements and access control;2012."},{"key":"e_1_2_11_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3583563"},{"key":"e_1_2_11_36_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2913"},{"key":"e_1_2_11_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/tsc.2023.3290474"},{"key":"e_1_2_11_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-019-09454-5"},{"key":"e_1_2_11_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.11.010"},{"key":"e_1_2_11_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-021-00281-2"},{"key":"e_1_2_11_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111393"},{"key":"e_1_2_11_42_1","doi-asserted-by":"crossref","unstructured":"AlshammariB FidgeC CorneyD.Security metrics for object\u2010oriented class designs. In: 2009 Ninth International Conference on Quality Software.IEEE;2009:11\u201020.","DOI":"10.1109\/QSIC.2009.11"},{"key":"e_1_2_11_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-018-3666-z"},{"issue":"3","key":"e_1_2_11_44_1","first-page":"341","article-title":"A metrics framework for evaluating microservices architecture designs","volume":"19","author":"Al\u2010Debagy O","year":"2020","journal-title":"J Web Eng"},{"key":"e_1_2_11_45_1","doi-asserted-by":"publisher","DOI":"10.1080\/23311916.2018.1502242"},{"key":"e_1_2_11_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00158-003-0368-6"},{"key":"e_1_2_11_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/4235.996017"},{"key":"e_1_2_11_48_1","doi-asserted-by":"publisher","DOI":"10.3390\/info9070167"},{"key":"e_1_2_11_49_1","doi-asserted-by":"crossref","unstructured":"PonceF SoldaniJ AstudilloH BrogiA.Should microservice security smells stay or be refactored? Towards a trade\u2010off analysis. In: Software Architecture: 16th European Conference.Springer;2022:131\u2010139.","DOI":"10.1007\/978-3-031-16697-6_9"},{"key":"e_1_2_11_50_1","doi-asserted-by":"crossref","unstructured":"SellamiK SaiedMA OuniA AbdalkareemR.Combining static and dynamic analysis to decompose monolithic application into microservices. In: International Conference on Service\u2010Oriented Computing.Springer;2022:203\u2010218.","DOI":"10.1007\/978-3-031-20984-0_14"},{"key":"e_1_2_11_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.swevo.2011.02.001"},{"key":"e_1_2_11_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2023.02.019"},{"key":"e_1_2_11_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCBB.2020.2992304"},{"key":"e_1_2_11_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-019-8208-z"},{"key":"e_1_2_11_55_1","first-page":"3","volume-title":"Handbook of Research Methods in Social and Personality Psychology","author":"Brewer MB","year":"2000"},{"key":"e_1_2_11_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3176725"},{"key":"e_1_2_11_57_1","doi-asserted-by":"crossref","unstructured":"GrenL.Standards of validity and the validity of standards in behavioral software engineering research: the perspective of psychological test theory. In: Proceedings of the 12th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement.Association for Computing Machinery;2018:1\u20104.","DOI":"10.1145\/3239235.3267437"}],"container-title":["Journal of Software: Evolution and Process"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/smr.2670","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T02:02:31Z","timestamp":1728612151000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/smr.2670"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,27]]},"references-count":56,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2024,10]]}},"alternative-id":["10.1002\/smr.2670"],"URL":"https:\/\/doi.org\/10.1002\/smr.2670","archive":["Portico"],"relation":{},"ISSN":["2047-7473","2047-7481"],"issn-type":[{"type":"print","value":"2047-7473"},{"type":"electronic","value":"2047-7481"}],"subject":[],"published":{"date-parts":[[2024,6,27]]},"assertion":[{"value":"2023-07-29","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-05","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e2670"}}