{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T09:07:14Z","timestamp":1743066434446,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":23,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819709885"},{"type":"electronic","value":"9789819709892"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-0989-2_27","type":"book-chapter","created":{"date-parts":[[2024,3,15]],"date-time":"2024-03-15T06:02:15Z","timestamp":1710482535000},"page":"317-324","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Smelling Homemade Crypto Code in\u00a0Microservices, with\u00a0KubeHound"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Howard-Grubb","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2435-3543","authenticated-orcid":false,"given":"Jacopo","family":"Soldani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giorgio","family":"Dell\u2019Immagine","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1195-530X","authenticated-orcid":false,"given":"Francesca Arcelli","family":"Fontana","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2048-2468","authenticated-orcid":false,"given":"Antonio","family":"Brogi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,16]]},"reference":[{"unstructured":"Aqua Security Software: Kube Bench. https:\/\/github.com\/aquasecurity\/kube-bench","key":"27_CR1"},{"unstructured":"Aqua Security Software: Kube Hunter. https:\/\/github.com\/aquasecurity\/kube-hunter\/","key":"27_CR2"},{"issue":"3","key":"27_CR3","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/MS.2016.64","volume":"33","author":"A Balalaie","year":"2016","unstructured":"Balalaie, A., Heydarnoori, A., Jamshidi, P.: Microservices architecture enables devops: migration to a cloud-native architecture. IEEE Softw. 33(3), 42\u201352 (2016). https:\/\/doi.org\/10.1109\/MS.2016.64","journal-title":"IEEE Softw."},{"doi-asserted-by":"publisher","unstructured":"Berardi, D., Giallorenzo, S., Mauro, J., Melis, A., Montesi, F., Prandini, M.: Microservice security: a systematic literature review. PeerJ Comput. Sci. 8 (2022). https:\/\/doi.org\/10.7717\/peerj-cs.779","key":"27_CR4","DOI":"10.7717\/peerj-cs.779"},{"key":"27_CR5","doi-asserted-by":"publisher","first-page":"1025","DOI":"10.1007\/s00607-021-00924-y","volume":"103","author":"A Bocci","year":"2021","unstructured":"Bocci, A., Forti, S., Ferrari, G.L., Brogi, A.: Secure FaaS orchestration in the fog: how far are we? Computing 103, 1025\u20131056 (2021). https:\/\/doi.org\/10.1007\/s00607-021-00924-y","journal-title":"Computing"},{"doi-asserted-by":"publisher","unstructured":"Chondamrongkul, N., Sun, J., Warren, I.: Automated security analysis for microservice architecture. In: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C), pp. 79\u201382 (2020). https:\/\/doi.org\/10.1109\/ICSA-C50368.2020.00024","key":"27_CR6","DOI":"10.1109\/ICSA-C50368.2020.00024"},{"unstructured":"Control Plane: KubeSec - Security risk analysis for Kubernetes resources. https:\/\/kubesec.io\/","key":"27_CR7"},{"doi-asserted-by":"publisher","unstructured":"DellImmagine, G., Soldani, J., Brogi, A.: KubeHound: detecting microservices\u2019 security smells in Kubernetes deployments. Future Internet 15(7) (2023). https:\/\/doi.org\/10.3390\/fi15070228","key":"27_CR8","DOI":"10.3390\/fi15070228"},{"unstructured":"Fehrer, T., Lozoya, R., Sabetta, A., Di Nucci, D., Tamburri, D.: Detecting security fixes in open-source repositories using static code analyzers. CoRR abs\/2105.03346 (2021)","key":"27_CR9"},{"unstructured":"Ferech, M., de Bruijn, T., Ponsard, N.: OpenAPI fuzzer. https:\/\/github.com\/matusf\/openapi-fuzzer","key":"27_CR10"},{"unstructured":"Google Cloud Platform: Online Boutique. https:\/\/github.com\/GoogleCloudPlatform\/microservices-demo","key":"27_CR11"},{"unstructured":"Khan, A.: How to secure your microservices: shopify case study. Dzone (2018)","key":"27_CR12"},{"unstructured":"NIST: Guideline for using cryptographic standards in the federal government: cryptographic mechanisms. NIST Special Publication 800-175B, Revision 1 (2020)","key":"27_CR13"},{"key":"27_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111393","volume":"192","author":"F Ponce","year":"2022","unstructured":"Ponce, F., Soldani, J., Astudillo, H., Brogi, A.: Smells and refactorings for microservices security: a multivocal literature review. J. Syst. Softw. 192, 111393 (2022). https:\/\/doi.org\/10.1016\/j.jss.2022.111393","journal-title":"J. Syst. Softw."},{"unstructured":"Prisma Cloud: Checkov. https:\/\/www.checkov.io","key":"27_CR15"},{"doi-asserted-by":"publisher","unstructured":"Rahman, A., Parnin, C., Williams, L.: The seven sins: security smells in infrastructure as code scripts. In: Bultan, T., Whittle, J. (eds.) 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE 2019), pp. 164\u2013175. IEEE Computer Society (2019). https:\/\/doi.org\/10.1109\/ICSE.2019.00033","key":"27_CR16","DOI":"10.1109\/ICSE.2019.00033"},{"key":"27_CR17","volume-title":"Software Architecture Patterns","author":"M Richards","year":"2015","unstructured":"Richards, M.: Software Architecture Patterns, 1st edn. O\u2019Reilly Media Inc., Newton (2015)","edition":"1"},{"key":"27_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111722","volume":"202","author":"S Schneider","year":"2023","unstructured":"Schneider, S., Scandariato, R.: Automatic extraction of security-rich dataflow diagrams for microservice applications written in Java. J. Syst. Softw. 202, 111722 (2023). https:\/\/doi.org\/10.1016\/j.jss.2023.111722","journal-title":"J. Syst. Softw."},{"key":"27_CR19","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/j.jss.2018.09.082","volume":"146","author":"J Soldani","year":"2018","unstructured":"Soldani, J., Tamburri, D.A., Van Den Heuvel, W.J.: The pains and gains of microservices: a systematic grey literature review. J. Syst. Softw. 146, 215\u2013232 (2018). https:\/\/doi.org\/10.1016\/j.jss.2018.09.082","journal-title":"J. Syst. Softw."},{"unstructured":"Sonar Solutions: SonarQube: Documentation. https:\/\/docs.sonarsource.com\/sonarqube\/","key":"27_CR20"},{"unstructured":"Weaveworks, Container Solutions: Sock Shop. https:\/\/microservices-demo.github.io\/","key":"27_CR21"},{"unstructured":"ZAP Dev Team: Zed Attack Proxy. https:\/\/www.zaproxy.org\/","key":"27_CR22"},{"doi-asserted-by":"publisher","unstructured":"Zdun, U., et al.: Microservice security metrics for secure communication, identity management, and observability. ACM Trans. Softw. Eng. Methodol. 32(1) (2023). https:\/\/doi.org\/10.1145\/3532183","key":"27_CR23","DOI":"10.1145\/3532183"}],"container-title":["Lecture Notes in Computer Science","Service-Oriented Computing \u2013 ICSOC 2023 Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-0989-2_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,15]],"date-time":"2024-03-15T06:05:50Z","timestamp":1710482750000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-0989-2_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819709885","9789819709892"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-0989-2_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"16 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICSOC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Service-Oriented Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icsoc2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icsoc2023.diag.uniroma1.it\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"ConfTool","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"208","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"other papers accepted: 3 industry full papers, 3 keynote abstracts (in the front matter)","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}