IRTUM – Institutional Repository of the Technical University of Moldova
Security Implications of API Gateway Patterns in Distributed Systems
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.advisor | ȚURCANU, Dinu | |
| dc.contributor.advisor | COJOCARU, Svetlana | |
| dc.contributor.author | MOISEI, Liviu | |
| dc.date.accessioned | 2026-03-02T12:08:30Z | |
| dc.date.available | 2026-03-02T12:08:30Z | |
| dc.date.issued | 2026 | |
| dc.identifier.citation | MOISEI, Liviu. Security Implications of API Gateway Patterns in Distributed Systems. Teză de master. Programul de studiu Securitate Informaţională. Conducător ştiinţific ȚURCANU Dinu, dr., conf. univ. Universitatea Tehnică a Moldovei. Chișinău, 2026. | en_US |
| dc.identifier.uri | https://repository.utm.md/handle/5014/35536 | |
| dc.description | Fişierul ataşat conţine: Rezumat, Abstract, Cuprins, Introducere, Bibliografie. | en_US |
| dc.description.abstract | This thesis presents a comprehensive security assessment methodology for microservices API gate ways, focusing on integration patterns in distributed architectures. The research addresses the critical chal lenge of securing API gateway implementations that serve as the primary entry point for microservices based systems. The study develops a systematic evaluation framework that combines architectural pattern analysis, threat modeling using STRIDE methodology, and security control assessment based on OWASP guidelines. A comparative analysis of prominent frameworks including Spring Cloud Gateway, Kong Gateway, and Google Apigee identifies key security characteristics across authentication, authorization, rate limiting, and data protection mechanisms. The methodology introduces a pattern-based approach that categorizes gateway implementations into three primary architectural patterns: Simple Gateway, Backend for Frontend (BFF), and Gateway Ag gregation. Each pattern is analyzed for inherent security properties, vulnerability surfaces, and mitigation strategies. The framework provides decision support criteria for pattern selection based on organizational security requirements, operational complexity, and scalability considerations. Practical validation demonstrates the methodology’s effectiveness through real-world case studies, revealing critical security gaps in common implementations and providing actionable recommendations for security enhancement. The research contributes both theoretical foundations through formalized pat tern characteristics and practical tools including threat assessment matrices, configuration checklists, and security metric frameworks. Results indicate that pattern-aware security design significantly improves the security posture of microservices architectures while maintaining operational efficiency. The proposed methodology enables organizations to make informed architectural decisions that balance security requirements with functional and performance objectives. | en_US |
| dc.description.abstract | Aceasta lucrare prezinta o metodologie comprehensiva de evaluare a securitatii gateway-urilor API pentru microservicii, concentrându-se pe modelele de integrare în arhitecturi distribuite. Cercetarea abor deaza provocarea critica a securizarii implementarilor de gateway-uri API care servesc drept punct principal de intrare pentru sistemele bazate pe microservicii. Studiul dezvolta un cadru sistematic de evaluare care combina analiza modelelor arhitecturale, modelarea amenint, arilor folosind metodologia STRIDE si evaluarea controalelor de securitate bazata pe ghidurile OWASP. O analiza comparativa a framework-urilor proeminente, inclusiv Spring Cloud Gateway, și Google Apigee, identifica caracteristicile cheie de securitate în ceea ce priveste autentificarea, Kong Gateway, autorizarea, limitarea ratei si mecanismele de protectie a datelor. Metodologia introduce o abordare bazată pe modele care categorizeaza implementarile de gateway în trei modele arhitecturale principale: Gateway Simplu, Backend for Frontend (BFF) si Gateway Aggre gation. Fiecare model este analizat pentru proprietatile inerente de securitate, suprafetele de vulnerabilitate, strategiile de atenuare. Cadrul ofera criterii de suport decizional pentru selectarea modelelor bazate pe cerintele organizationale de securitate, complexitatea operationala si considerentele de scalabilitate. Validarea practica demonstreaza eficacitatea metodologiei prin studii de caz reale, dezvaluind lacune critice de securitate în implementarile comune si furnizând recomandari actionabile pentru îmbunatatirea securitatii. Cercetarea contribuie atât la fundamentele teoretice prin caracteristici formalizate ale modelelor, cât si la instrumente practice, inclusiv matrici de evaluare a amenintarilor, liste de verificare a configuratiilor si cadre de metrici de securitate. Rezultatele indica faptul ca proiectarea securitatii constienta de modele îmbunatateste semnificativ postura de securitate a arhitecturilor de microservicii, mentinând în acelasi timp eficienta operationala. Metodologia propusa permite organizatiilor sa ia decizii arhitecturale informate care echilibreaza cerintele de securitate cu obiectivele functionale si de performanta. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Universitatea Tehnică a Moldovei | en_US |
| dc.rights | Attribution-NonCommercial-NoDerivs 3.0 United States | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/us/ | * |
| dc.subject | API Gateway | en_US |
| dc.subject | Microservices Security | en_US |
| dc.subject | Integration Patterns | en_US |
| dc.subject | securitate a microserviciilor | en_US |
| dc.subject | modele de Integrare | en_US |
| dc.subject | modelare a amenințărilor | en_US |
| dc.title | Security Implications of API Gateway Patterns in Distributed Systems | en_US |
| dc.type | Thesis | en_US |
Files in this item
The following license files are associated with this item:
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivs 3.0 United States