{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T13:00:32Z","timestamp":1770814832732,"version":"3.50.1"},"reference-count":80,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2023,2,4]],"date-time":"2023-02-04T00:00:00Z","timestamp":1675468800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1854049"],"award-info":[{"award-number":["1854049"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Red Hat Research","award":["1854049"],"award-info":[{"award-number":["1854049"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.<\/jats:p>","DOI":"10.3390\/s23041755","type":"journal-article","created":{"date-parts":[[2023,2,6]],"date-time":"2023-02-06T02:06:43Z","timestamp":1675649203000},"page":"1755","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study"],"prefix":"10.3390","volume":"23","author":[{"given":"Md Shahidur","family":"Rahaman","sequence":"first","affiliation":[{"name":"Department of Computer Science, ECS, Baylor University, Waco, TX 76798, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Agm","family":"Islam","sequence":"additional","affiliation":[{"name":"Department of Computer Science, ECS, Baylor University, Waco, TX 76798, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5882-5502","authenticated-orcid":false,"given":"Tomas","family":"Cerny","sequence":"additional","affiliation":[{"name":"Department of Computer Science, ECS, Baylor University, Waco, TX 76798, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shaun","family":"Hutton","sequence":"additional","affiliation":[{"name":"Department of Computer Science, ECS, Baylor University, Waco, TX 76798, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2023,2,4]]},"reference":[{"key":"ref_1","unstructured":"Daya, S., Van Duy, N., Eati, K., Ferreira, C.M., Glozic, D., Gucer, V., Gupta, M., Joshi, S., Lampkin, V., and Martins, M. (2015). Microservices from Theory to Practice: Creating Applications in IBM Bluemix Using the Microservices Approach, IBM Redbooks. Available online: https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg248275.pdf."},{"key":"ref_2","unstructured":"Kalske, M., M\u00e4kitalo, N., and Mikkonen, T. (2017). Web Engineering, Springer."},{"key":"ref_3","unstructured":"Li, X., Chen, Y., Lin, Z., Wang, X., and Chen, J.H. (2021, January 11\u201313). Automatic Policy Generation for Inter-Service Access Control of Microservices. Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Virtual Event."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"106449","DOI":"10.1016\/j.infsof.2020.106449","article-title":"Understanding and addressing quality attributes of microservices architecture: A Systematic literature review","volume":"131","author":"Li","year":"2021","journal-title":"Inf. Softw. Technol."},{"key":"ref_5","unstructured":"Muresu, D. (2021). Investigating the Security of a Microservices Architecture: A Case Study on Microservice and Kubernetes Security. [Master\u2019s Thesis, KTH Royal Institute of Technology]. Available online: https:\/\/www.diva-portal.org\/smash\/get\/diva2:1597972\/FULLTEXT01.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Billawa, P., Tukaram, A.B., Ferreyra, N.E.D., Stegh\u00f6fer, J.P., Scandariato, R., and Simhandl, G. (2022). Security of Microservice Applications: A Practitioners\u2019 Perspective on Challenges and Best Practices. arXiv.","DOI":"10.1145\/3538969.3538986"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Ponce, F., Soldani, J., Astudillo, H., and Brogi, A. (2022). Smells and refactorings for microservices security: A multivocal literature review. J. Syst. Softw., 111393.","DOI":"10.1016\/j.jss.2022.111393"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"de Almeida, M.G., and Canedo, E.D. (2022). Authentication and Authorization in Microservices Architecture: A Systematic Literature Review. Appl. Sci., 12.","DOI":"10.3390\/app12063023"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.jss.2018.09.082","article-title":"The pains and gains of microservices: A systematic grey literature review","volume":"146","author":"Soldani","year":"2018","journal-title":"J. Syst. Softw."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"100415","DOI":"10.1016\/j.cosrev.2021.100415","article-title":"Securing microservices and microservice architectures: A systematic mapping study","volume":"41","author":"Hannousse","year":"2021","journal-title":"Comput. Sci. Rev."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Pereira-Vale, A., M\u00e1rquez, G., Astudillo, H., and Fernandez, E.B. (October, January 30). Security mechanisms used in microservices-based systems: A systematic mapping. Proceedings of the 2019 XLV Latin American Computing Conference (CLEI), Panama City, Panama.","DOI":"10.1109\/CLEI47609.2019.235060"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"102200","DOI":"10.1016\/j.cose.2021.102200","article-title":"Security in microservice-based systems: A multivocal literature review","volume":"103","author":"Fernandez","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_13","unstructured":"Granata, D., Rak, M., and Salzillo, G. Proceedings of the Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria, 23\u201326 August 2022."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Zdun, U., Queval, P.J., Simhandl, G., Scandariato, R., Chakravarty, S., Jelic, M., and Jovanovic, A. (2022). Microservice Security Metrics for Secure Communication, Identity Management, and Observability. ACM Trans. Softw. Eng. Methodol.","DOI":"10.1145\/3532183"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Davidson, D., De Carli, L., Jha, S., and McDaniel, P. (2017, January 4\u20138). Cimplifier: Automatically debloating containers. Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany.","DOI":"10.1145\/3106237.3106271"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Niddodi, C., Mohan, S., and Jha, S. (2017, January 3). New directions for container debloating. Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, Dallas, TX, USA.","DOI":"10.1145\/3141235.3141241"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Bui, T., Rao, S., Antikainen, M., and Aura, T. (2020, January 5\u20139). Xss vulnerabilities in cloud-application add-ons. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan.","DOI":"10.1145\/3320269.3384744"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Tuma, K., Sion, L., Scandariato, R., and Yskout, K. (2020, January 18\u201323). Automating the early detection of security design flaws. Proceedings of the 23rd ACM\/IEEE International Conference on Model Driven Engineering Languages and Systems, Montreal, QC, Canada.","DOI":"10.1145\/3365438.3410954"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Weir, C., Becker, I., and Blair, L. (2021, January 25\u201328). A passion for security: Intervening to help software developers. Proceedings of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), Madrid, Spain.","DOI":"10.1109\/ICSE-SEIP52600.2021.00011"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Trach, B., Oleksenko, O., Gregor, F., Bhatotia, P., and Fetzer, C. (2019, January 3\u20135). Clemmys: Towards secure remote execution in faas. Proceedings of the 12th ACM International Conference on Systems and Storage, Haifa, Israel.","DOI":"10.1145\/3319647.3325835"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Chen, A., Sriraman, A., Vaidya, T., Zhang, Y., Haeberlen, A., Loo, B.T., Phan, L.T.X., Sherr, M., Shields, C., and Zhou, W. (2016, January 9\u201310). Dispersing asymmetric DDoS attacks with SplitStack. Proceedings of the 15th ACM Workshop on Hot Topics in Networks, Atlanta, GA, USA.","DOI":"10.1145\/3005745.3005773"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Bambhore Tukaram, A., Schneider, S., D\u00edaz Ferreyra, N.E., Simhandl, G., Zdun, U., and Scandariato, R. (2022, January 23\u201326). Towards a Security Benchmark for the Architectural Design of Microservice Applications. Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3538969.3543807"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Pinconschi, E., Bui, Q.C., Abreu, R., Ad\u00e3o, P., and Scandariato, R. (2022, January 18\u201322). Maestro: A platform for benchmarking automatic program repair tools on software vulnerabilities. Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, Republic of Korea.","DOI":"10.1145\/3533767.3543291"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Caprolu, M., Di Pietro, R., Lombardi, F., and Raponi, S. (2019, January 8\u201313). Edge computing perspectives: Architectures, technologies, and open security issues. Proceedings of the 2019 IEEE International Conference on Edge Computing (EDGE), Milan, Italy.","DOI":"10.1109\/EDGE.2019.00035"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"52976","DOI":"10.1109\/ACCESS.2019.2911732","article-title":"Container security: Issues, challenges, and the road ahead","volume":"7","author":"Sultan","year":"2019","journal-title":"IEEE Access"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Yarygina, T., and Bagge, A.H. (2018, January 26\u201329). Overcoming security challenges in microservice architectures. Proceedings of the 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE), Bamberg, Germany.","DOI":"10.1109\/SOSE.2018.00011"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"152443","DOI":"10.1109\/ACCESS.2019.2945930","article-title":"Emerging trends, techniques and open issues of containerization: A review","volume":"7","author":"Watada","year":"2019","journal-title":"IEEE Access"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"695","DOI":"10.1109\/TPDS.2019.2942591","article-title":"Exploring new opportunities to defeat low-rate DDoS attack in container-based cloud environment","volume":"31","author":"Li","year":"2019","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Manu, A., Patel, J.K., Akhtar, S., Agrawal, V., and Murthy, K.B.S. (2016, January 18\u201319). A study, analysis and deep dive on cloud PAAS security in terms of Docker container security. Proceedings of the 2016 international conference on circuit, power and computing technologies (ICCPCT), Nagercoil, India.","DOI":"10.1109\/ICCPCT.2016.7530284"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"104893","DOI":"10.1109\/ACCESS.2020.2999715","article-title":"A review of intrusion detection and blockchain applications in the cloud: Approaches, challenges and solutions","volume":"8","author":"Alkadi","year":"2020","journal-title":"IEEE Access"},{"key":"ref_31","unstructured":"Shamim, M.S.I., Bhuiyan, F.A., and Rahman, A. (2020, January 28\u201330). Xi commandments of kubernetes security: A systematization of knowledge related to kubernetes security practices. Proceedings of the 2020 IEEE Secure Development (SecDev), Atlanta, GA, USA."},{"key":"ref_32","first-page":"1125","article-title":"Dseom: A framework for dynamic security evaluation and optimization of mtd in container-based cloud","volume":"18","author":"Jin","year":"2019","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Morton, M., Werner, J., Kintis, P., Snow, K., Antonakakis, M., Polychronakis, M., and Monrose, F. (2018, January 24\u201326). Security risks in asynchronous web servers: When performance optimizations amplify the impact of data-oriented attacks. Proceedings of the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), London, UK.","DOI":"10.1109\/EuroSP.2018.00020"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"123044","DOI":"10.1109\/ACCESS.2020.3007338","article-title":"Cloudstrike: Chaos engineering for security and resiliency in cloud infrastructure","volume":"8","author":"Torkura","year":"2020","journal-title":"IEEE Access"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Torkura, K.A., Sukmana, M.I., Kayem, A.V., Cheng, F., and Meinel, C. (2018, January 11\u201313). A cyber risk based moving target defense mechanism for microservice architectures. Proceedings of the 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA\/IUCC\/BDCloud\/SocialCom\/SustainCom), Melbourne, Australia.","DOI":"10.1109\/BDCloud.2018.00137"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1109\/TSE.2018.2844343","article-title":"An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving","volume":"46","author":"Thome","year":"2018","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Zhang, L., Cushing, R., de Laat, C., and Grosso, P. (2021, January 20\u201322). A real-time intrusion detection system based on OC-SVM for containerized applications. Proceedings of the 2021 IEEE 24th International Conference on Computational Science and Engineering (CSE), Shenyang, China.","DOI":"10.1109\/CSE53436.2021.00029"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Kong, T., Wang, L., Ma, D., Xu, Z., Yang, Q., Lu, Z., and Lu, Y. (2020, January 14\u201316). Automated Honeynet Deployment Strategy for Active Defense in Container-based Cloud. Proceedings of the 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), Yanuca Island, Fiji.","DOI":"10.1109\/HPCC-SmartCity-DSS50907.2020.00059"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"41914","DOI":"10.1109\/ACCESS.2022.3165548","article-title":"SFTSDH: Applying Spring Security Framework With TSD-Based OAuth2 to Protect Microservice Architecture APIs","volume":"10","author":"Chatterjee","year":"2022","journal-title":"IEEE Access"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Blaise, A., and Rebecchi, F. (2022, January 10\u201316). Stay at the Helm: Secure Kubernetes deployments via graph generation and attack reconstruction. Proceedings of the 2022 IEEE 15th International Conference on Cloud Computing (CLOUD), Barcelona, Spain.","DOI":"10.1109\/CLOUD55607.2022.00022"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Mahajan, V.B., and Mane, S.B. (2022, January 23\u201325). Detection, Analysis and Countermeasures for Container based Misconfiguration using Docker and Kubernetes. Proceedings of the 2022 International Conference on Computing, Communication, Security and Intelligent Systems (IC3SIS), Kochi, India.","DOI":"10.1109\/IC3SIS54991.2022.9885293"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Flora, J. (2020, January 12\u201315). Improving the security of microservice systems by detecting and tolerating intrusions. Proceedings of the 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Coimbre, Portugal.","DOI":"10.1109\/ISSREW51248.2020.00051"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Zhan, M., Li, Y., Yang, H., Yu, G., Li, B., and Wang, W. (2022). Coda: Runtime Detection of Application-Layer CPU-Exhaustion DoS Attacks in Containers. IEEE Trans. Serv. Comput., 1\u201312.","DOI":"10.1109\/TSC.2022.3194266"},{"key":"ref_44","unstructured":"Lei, L., Sun, J., Sun, K., Shenefiel, C., Ma, R., Wang, Y., and Li, Q. (2017). Detection of Intrusions and Malware, and Vulnerability Assessment, Springer."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"102544","DOI":"10.1016\/j.simpat.2022.102544","article-title":"Resilient Back Propagation Neural Network Security Model For Containerized Cloud Computing","volume":"118","author":"Almiani","year":"2022","journal-title":"Simul. Model. Pract. Theory"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"e779","DOI":"10.7717\/peerj-cs.779","article-title":"Microservice security: A systematic literature review","volume":"7","author":"Berardi","year":"2022","journal-title":"PeerJ Comput. Sci."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Farshteindiker, A., and Puzis, R. (2021). Leadership hijacking in Docker swarm and its consequences. Entropy, 23.","DOI":"10.20944\/preprints202105.0594.v1"},{"key":"ref_48","first-page":"73","article-title":"Privacy-preserving data sharing and adaptable service compositions in mission-critical clouds","volume":"1613","author":"Bhargava","year":"2020","journal-title":"Proceedings"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"1041","DOI":"10.1051\/e3sconf\/202022401041","article-title":"Information system development for restricting access to software tool built on microservice architecture","volume":"224","author":"Safaryan","year":"2020","journal-title":"E3s Web Conf."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Iraqi, O., and El Bakkali, H. (2020, January 10\u201313). Immunizer: A scalable loosely-coupled self-protecting software framework using adaptive microagents and parallelized microservices. Proceedings of the 2020 IEEE 29th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Bayonne, France.","DOI":"10.1109\/WETICE49692.2020.00013"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Baarzi, A.F., Kesidis, G., Fleck, D., and Stavrou, A. (2020, January 27). Microservices made attack-resilient using unsupervised service fissioning. Proceedings of the 13th European workshop on Systems Security, Heraklion, Greece.","DOI":"10.1145\/3380786.3391395"},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"456","DOI":"10.1016\/j.procs.2018.04.047","article-title":"Defense-in-depth and role authentication for microservice systems","volume":"130","author":"Jander","year":"2018","journal-title":"Procedia Comput. Sci."},{"key":"ref_53","unstructured":"Yarygina, T., and Otterstad, C. (2018). Distributed Applications and Interoperable Systems, Springer."},{"key":"ref_54","unstructured":"Nasab, A.R., Shahin, M., Raviz, S.A.H., Liang, P., Mashmool, A., and Lenarduzzi, V. (2021). An Empirical Study of Security Practices for Microservices Systems. arXiv."},{"key":"ref_55","first-page":"102924","article-title":"Lic-Sec: An enhanced AppArmor Docker security profile generator","volume":"61","author":"Zhu","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_56","unstructured":"Ahmadvand, M., Pretschner, A., Ball, K., and Eyring, D. (2018). Software Technologies: Applications and Foundations, Springer."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"e4436","DOI":"10.1002\/cpe.4436","article-title":"A survey on security issues in services communication of Microservices-enabled fog applications","volume":"31","author":"Yu","year":"2019","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Torkura, K.A., Sukmana, M.I., and Meinel, C. (2017, January 5\u20138). Integrating continuous security assessments in microservices and cloud native applications. Proceedings of the 10th International Conference on Utility and Cloud Computing, Austin, TX, USA.","DOI":"10.1145\/3147213.3147229"},{"key":"ref_59","unstructured":"Ahamed, W.S.S., Zavarsky, P., and Swar, B. (2021, January 21\u201323). Security Audit of Docker Container Images in Cloud Architecture. Proceedings of the 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC), Jalandhar, India."},{"key":"ref_60","unstructured":"Otterstad, C., and Yarygina, T. (2017). European Conference on Service-Oriented and Cloud Computing, Springer."},{"key":"ref_61","unstructured":"(2023, January 15). OWASP Application Security Verification Standard 4.0. Available online: https:\/\/owasp.org\/www-pdf-archive\/OWASP_Application_Security_Verification_Standard_4.0-en.pdf."},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Ben Fredj, O., Mihoub, A., Krichen, M., Cheikhrouhou, O., and Derhab, A. (2020, January 4\u20137). CyberSecurity attack prediction: A deep learning approach. Proceedings of the 13th International Conference on Security of Information and Networks, Merkez, Turkey.","DOI":"10.1145\/3433174.3433614"},{"key":"ref_63","unstructured":"(2023, January 15). enisa ENISA Threat Landscape 2022. Available online: https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2022."},{"key":"ref_64","unstructured":"(2023, January 15). Cloud-Native Security. Available online: https:\/\/www.tigera.io\/learn\/guides\/cloud-native-security\/."},{"key":"ref_65","unstructured":"(2023, January 15). TREND-Micro Securing the 4 Cs of Cloud-Native Systems: Cloud, Cluster, Container, and Code. Available online: https:\/\/www.trendmicro.com\/vinfo\/in\/security\/news\/virtualization-and-cloud\/securing-the-4-cs-of-cloud-native-systems-cloud-cluster-container-and-code."},{"key":"ref_66","unstructured":"(2023, January 15). IONATE Cloud-Native Security Solution. Available online: https:\/\/ionate.io\/downloads\/resources\/Whitepaper_Ionate_Cloud_Native_Security_Solution.pdf."},{"key":"ref_67","unstructured":"(2023, January 15). Container Journal The Four Cs of Cloud-Native Security. Available online: https:\/\/containerjournal.com\/features\/the-four-cs-of-cloud-native-security\/."},{"key":"ref_68","unstructured":"(2023, January 15). CROWDSTRIKE WHAT IS A CLOUD-NATIVE APPLICATION PROTECTION PLATFORM (CNAPP)?. Available online: https:\/\/www.crowdstrike.com\/cybersecurity-101\/cloud-security\/cloud-native-application-protection-platform-cnapp\/."},{"key":"ref_69","unstructured":"(2023, January 15). A Leap Forward in Risk-Based Application Security: The Cloud Native Application Protection Platform (CNAPP). Available online: https:\/\/apiiro.com\/blog\/a-leap-forward-in-risk-based-application-security-the-cloud-native-application-protection-platform-cnapp\/."},{"key":"ref_70","unstructured":"(2023, January 15). A Guide to DevSecOps Tools and Continuous Security For an Enterprise. Available online: https:\/\/www.xenonstack.com\/blog\/devsecops-tools."},{"key":"ref_71","unstructured":"(2023, January 15). SnykCloud Native Security Guide for Building Secure Applications. Available online: https:\/\/snyk.io\/learn\/cloud-native-security-for-cloud-native-applications\/."},{"key":"ref_72","unstructured":"(2023, January 15). VERACODEThe Evolution of Application Security in a Cloud-Native World: Q&A with Chris Wysopal. Available online: https:\/\/www.veracode.com\/blog\/secure-development\/evolution-application-security-cloud-native-world-qa-chris-wysopal."},{"key":"ref_73","unstructured":"(2023, January 15). SYNOPSYS Cyber Security. Available online: https:\/\/www.synopsys.com\/glossary\/what-is-cyber-security.html."},{"key":"ref_74","unstructured":"(2023, January 15). TechBeacon Buyer\u2019s Guide for Application Security Tools 2021. Available online: https:\/\/techbeacon.com\/techbeacon-app-sec-tools-buyers-guide-2021?amp."},{"key":"ref_75","unstructured":"(2023, January 15). Styra Microservices Security: Fundamentals and Best Practices. Available online: https:\/\/www.styra.com\/blog\/microservices-security-fundamentals-and-best-practices\/."},{"key":"ref_76","unstructured":"(2023, January 15). SecurityCompass Microservices and What You Need to Know about Their Security. Available online: https:\/\/www.securitycompass.com\/blog\/microservices-and-what-you-need-to-know-about-their-security\/."},{"key":"ref_77","unstructured":"(2023, January 15). Hackerone What Is Application Security?. Available online: https:\/\/www.hackerone.com\/knowledge-center\/what-application-security-concepts-tools-best-practices."},{"key":"ref_78","unstructured":"(2023, January 15). Benison 8 Best Practices to Secure Microservices. Available online: https:\/\/benisontech.com\/8-best-practices-to-secure-microservices\/."},{"key":"ref_79","unstructured":"(2023, January 15). KTH Evaluation of Security Threats in Microservice Architectures. Available online: http:\/\/kth.diva-portal.org\/smash\/get\/diva2:1708704\/FULLTEXT01.pdf."},{"key":"ref_80","doi-asserted-by":"crossref","unstructured":"Petersen, K., Feldt, R., Mujtaba, S., and Mattsson, M. (2008, January 26\u201327). Systematic mapping studies in software engineering. Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineering (EASE), Bari, Italy.","DOI":"10.14236\/ewic\/EASE2008.8"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/4\/1755\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:24:14Z","timestamp":1760120654000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/4\/1755"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,4]]},"references-count":80,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,2]]}},"alternative-id":["s23041755"],"URL":"https:\/\/doi.org\/10.3390\/s23041755","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,4]]}}}