Banca de DEFESA: Murilo Góes de Almeida

Uma banca de DEFESA de MESTRADO foi cadastrada pelo programa.
STUDENT : Murilo Góes de Almeida
DATE: 29/08/2022
TIME: 14:00
LOCAL: Plataforma Teams
TITLE:

Implementation of the OAuth2 Protocol and OpenID Connect in a Microservices Oriented Architecture


KEY WORDS:

Microservices, Security, Authentication, Authorization, Systematic Literature Review


PAGES: 127
BIG AREA: Ciências Exatas e da Terra
AREA: Ciência da Computação
SUMMARY:

The Intelligence Department of the Military Police of São Paulo State (CIPM/PMESP) has been evolving their legacy systems, which are currently in a microservices architecture. This architecture splits an application into small services, which are implemented independently, with their own deployment unit. The microservice architecture can bring benefits, however, it also presents challenges, especially regarding security aspects. Therefore, it brings a need to explore knowledge about security issues in microservices, especially in authentication and authorization aspects. In addition, the characteristic of the intelligence activity must necessarily reach a series of principles, such as compartmentalization, which aims to restrict access to certain information only to professionals who need to know. This reinforces the need to verify whether the current environment is adequate in terms of authentication and authorization, to ensure compliance with this principle. This work aims to propose and evaluate the security of a microservices-oriented solution to perform authentication and authorization in the Intelligence Systems of the Military Police of the State of São Paulo. To this end, a Systematic Literature Review is carried out to check what are the main challenges in authentication and authorization in the microservice architecture, the mechanisms that deal with such challenges and the open-source technologies that implement such mechanisms. With the SLR findings, a validation survey is carried out, verifying whether such findings are observed in the industry, to confirm the practical use of what was found, in addition to seeking to verify new answers that were not found in the SLR. Finally, an implementation is carried out in the PMESP intelligence environment with the open-source technology that implements the mechanisms found, applying security tests in the current and new environment, to verify if the applied mechanisms improved the security of the application.


BANKING MEMBERS:
Presidente - 1780217 - EDNA DIAS CANEDO
Externo à Instituição - EDUARDO LUZEIRO FEITOSA - UFAM
Interno - 1298865 - SERGIO ANTONIO ANDRADE DE FREITAS
Notícia cadastrada em: 17/08/2022 08:48
SIGAA | Secretaria de Tecnologia da Informação - STI - (61) 3107-0102 | Copyright © 2006-2024 - UFRN - app32.sigaa32