Adaptive observability for forensic-ready microservice systems
Microservice-based applications may include multiple instances of microservices running on containerised infrastructures. These infrastructures pose challenges to digital investigations of security incidents because digital evidence can be destroyed when containers are terminated. Observability techniques are used to facilitate the investigation of incidents in microservice systems. However, existing observability approaches do not address security incidents when there is a need to perform digital forensic investigations. Furthermore, approaches to proactively support digital forensic investigations are limited to security incidents that are known a priori. In this article, we propose an adaptive observability approach based on game theory. The approach addresses the challenge of implementing forensic-ready microservice systems while considering uncertainties in security incidents. Our approach provides evidence collection capabilities for microservice systems and continually adapts to improve the forensic readiness of microservices. Specifically, the approach uses game theory to model and reason about the interactions between users and microservices, determining the optimal time and manner for observing microservices before the occurrence of security incidents. The performance of the approach has been assessed and compared with other observability approaches. Results of the evaluation indicate that adaptive observability outperforms other observability approaches, with improvements ranging from 3.1% up to 42.50%.
Funding
SAUSE: Secure, Adaptive, Usable Software Engineering
Engineering and Physical Sciences Research Council
Publication
IEEE Transactions on Services Computing, 2023 6, (5), pp. 3196-3209
Publisher
Institute of Electrical and Electronics Engineers
Also affiliated with
- LERO - The Science Foundation Ireland Research Centre for Software
Sustainable development goals
- (4) Quality Education
External identifier
Department or School
- Computer Science & Information Systems