Objective. Service-oriented architecture increases technical abilities for
attacker to move laterally and maintain multiple pivot points inside of
compromised environment. Microservice-based infrastructure brings more
challenges for security architect related to internal event visibility and
monitoring. Properly implemented logging and audit approach is a baseline for
security operations and incident management. The aim of this study is to
provide helpful resource to application and product security architects,
software and operation engineers on existing architecture patterns to implement
trustworthy logging and audit process in microservice-based environments.
Method. In this paper, we conduct information security threats modeling and a
systematic review of major electronic databases and libraries, security
standards and presentations at the major security conferences as well as
architecture whitepapers of industry vendors with relevant products. Results
and practical relevance. In this work based on research papers and major
security conferences presentations analysis, we identified industry best
practices in logging audit patterns and its applicability depending on
environment characteristic. We provided threat modeling for typical
architecture pattern of logging system and identified 8 information security
threats. We provided security threat mitigation and as a result of 11
high-level security requirements for audit logging system were identified.
High-level security requirements can be used by application security architect
in order to secure their products.

By admin