Towards Security Mechanisms for an Industrial Microservice-Oriented Architecture

Service and Microservice-oriented architectures (MOA) are being applied in different areas including Industry 4.0 and Industrial Internet of Things. Even though there are many advantages of using MOA in industrial applications, such as the vertical interoperability, there is also an important concern about how to protect these services at different levels and to provide a secure service communication. The security aspect in MOA requires specific mechanisms due to the service interactions in these architectures. This paper investigates proper security mechanisms for industrial SOA and MOA. Several security mechanisms, such as HTTPS for message encryption and authentication, authentication in the transporter service and a guard service that controls the access among services, are implemented and tested in a MOA. A discussion about the benefits of the security mechanisms is presented as well as an analysis of the impact on the MOA communication performance due to these mechanisms' inclusion. Experimental results obtained in a MOA-based process control plant show that there is tradeoff between adding security mechanisms or obtaining better communication performance for the MOA in terms of service composition cycle time (execution time of required sequence of services).