Microservice architectures (MSA) are becoming trending alternatives to existing software development paradigms notably for developing complex and distributed applications. Microservices emerged as an architectural design pattern aiming to address the scalability and ease the maintenance of online services. However, security breaches have increased threatening availability, integrity and confidentiality of microservice-based systems. A growing body of literature is found addressing security threats and security mechanisms to individual microservices and microservice architectures. The aim of this study is to provide a helpful guide to developers about already recognized threats on microservices and how they can be detected, mitigated or prevented; we also aim to identify potential research gaps on securing MSA. In this paper, we conduct a systematic mapping in order to categorize threats on MSA with their security proposals. Therefore, we extracted threats and details of proposed solutions reported in selected studies. Obtained results are used to design a lightweight ontology for security patterns of MSA. The ontology can be queried to identify source of threats, security mechanisms used to prevent each threat, applicability layer and validation techniques used for each mechanism. The systematic search yielded 1067 studies of which 46 are selected as primary studies. The results of the mapping revealed an unbalanced research focus in favor of external attacks; auditing and enforcing access control are the most investigated techniques compared with prevention and mitigation. Additionally, we found that most proposed solutions are soft-infrastructure applicable layer compared with other layers such as communication and deployment. We also found that performance analysis and case studies are the most used validation techniques of security proposals.

微服务架构 (MSA) 正在成为现有软件开发范式的趋势替代方案，特别是用于开发复杂的分布式应用程序。微服务作为一种架构设计模式出现，旨在解决可扩展性并简化在线服务的维护。然而，安全漏洞增加了基于微服务的系统的可用性、完整性和机密性的威胁。发现越来越多的文献解决了单个微服务和微服务架构的安全威胁和安全机制。本研究的目的是为开发人员提供有用的指南，了解微服务上已识别的威胁以及如何检测、缓解或预防这些威胁；我们还旨在确定在确保 MSA 方面的潜在研究差距。在本文中，我们进行系统映射，以便对 MSA 上的威胁及其安全建议进行分类。因此，我们提取了选定研究中报告的威胁和提议解决方案的详细信息。所得结果用于设计MSA安全模式的轻量级本体。可以查询本体以识别威胁来源、用于防止每种威胁的安全机制、适用层以及用于每种机制的验证技术。系统搜索产生了 1067 项研究，其中 46 项被选为主要研究。映射的结果揭示了一个不平衡的研究重点，有利于外部攻击；与预防和缓解相比，审计和实施访问控制是研究最多的技术。此外，我们发现，与其他层（如通信和部署）相比，大多数提出的解决方案是软基础设施适用层。我们还发现，性能分析和案例研究是最常用的安全提案验证技术。