| Title: | SECURING KAPIO: A KNOWLEDGE API ORCHESTRATOR FOR MULTIPLE HETEROGENEOUS SYSTEMS WITH DIFFERENT OWNERSHIPS |
| Author(s): | ENRICO VERGOLINO GNANI |
| Contributor(s): | VITOR PINHEIRO DE ALMEIDA - Advisor; ANDERSON OLIVEIRA DA SILVA - Co-advisor |
| Cataloguing: | 26/MAR/2026 |
| Language(s): | PORTUGUESE - BRAZIL |
| Type: | TEXT |
| Subtype: | SENIOR PROJECT |
| Notes: | All data contained in the documents are the sole responsibility of the authors. The data used in the descriptions of the documents are in conformity with the systems of the administration of PUC-Rio. |
| Reference(s): | [pt] https://www.maxwell.vrac.puc-rio.br/projetosEspeciais/TFCs/consultas/conteudo.php?strSecao=resultado&nrSeq=75848@1 ; [en] https://www.maxwell.vrac.puc-rio.br/projetosEspeciais/TFCs/consultas/conteudo.php?strSecao=resultado&nrSeq=75848@2 |
| DOI: | https://doi.org/10.17771/PUCRio.acad.75848 |
| Abstract: |
This work investigates security vulnerabilities and governance challenges in a GraphQL-based API orchestration layer that integrates multiple systems. The research uses KAPIO (Knowledge API Orchestrator), which, in addition to acting as a proxy for the APIs connected to it, can also process data from different endpoints, both in parallel and sequentially.

The research examines the security issues that arise when data from different sources, with varying levels of permission and sensitivity, is brought together in a single environment, highlighting the risks associated with system-of-systems (SoS) architectures, which are characterized by the union of independent systems to perform new functionalities.

The methodology included a systematic review of the literature on GraphQL security and a static and dynamic code analysis of the original solution. The work focuses on building a pilot project capable of maintaining confidentiality through encryption of sensitive data, access control with granular permissions per user profile that allows the selection of specific attributes at each endpoint, and detection of anomalies and cycles.

The research concludes with a discussion of possible improvements and future directions, such as the adoption of mitigation techniques for the identified security risks, offering a path for the secure implementation of an API orchestrator for the integration of multiple systems in a SoS scenario.