Litcius/Paper detail

Sidecar-based Path-aware Security for Microservices

Catherine Meadows, Sena Hounsinou, Timothy Wood, Gedare Bloom

202314 citationsDOI

Abstract

Microservice architectures decompose web applications into loosely-coupled, distributed components that interact with each other to provide an overall service. While this popular software architecture paradigm has many advantages in development and deployment, it also introduces a wider attack surface that is vulnerable to both internal and external attackers. Potentially malicious third-party services or software packages, as well as increased communication endpoints, introduce a wide array of security concerns. To improve the resiliency of microservice-based applications, many of which store sensitive data, we propose a novel, path-based anomaly detection and access control infrastructure that requires no modifications to existing software. We propose leveraging trusted proxies deployed alongside each service for request inspection, anomaly detection and signed token propagation for end-user path validation. Our approach reduces the trusted computing base away from the microservices to a smaller set of components that allow for less trust and a smaller attack surface.

Topics & Concepts

MicroservicesComputer scienceSecurity tokenAttack surfaceSoftware deploymentTrusted computing baseSoftwareWeb serviceTrusted ComputingComputer securityThreat modelService (business)Path (computing)Anomaly detectionSingle point of failureComputer networkWorld Wide WebSoftware engineeringOperating systemEconomyCloud computingCloud computing securityEconomicsData miningSoftware System Performance and ReliabilityNetwork Security and Intrusion DetectionSoftware-Defined Networks and 5G
Sidecar-based Path-aware Security for Microservices | Litcius