Design and Evaluation of Security-Focused Service Meshes for Management of Microservice Deployments
Brucker-Hahn, Dalton A
Abstract
Shifting trends in modern software engineering and cloud computing have pushed system designs to leverage containerization and to develop their systems as microservice architectures. While microservice architectures emphasize scalability and ease of development, the issue of microservice explosion has emerged, stressing hosting environments and generating new challenges within this domain. Service meshes, the latest in a series of developments, are being adopted to meet these needs. Service meshes provide separation of concerns between microservice development and the operational concerns of microservice deployments, such as service discovery and networking. However, despite the benefits provided by service meshes, the security demands of this domain are unmet by the current state-of-the-art offerings.

Through a series of experimental trials in a service mesh testbed, we demonstrate a need for improved security mechanisms in the state-of-the-art offerings of service meshes. After deriving a series of domain-conscious recommendations to improve the longevity and flexibility of service meshes, we design and implement two proof-of-concept service mesh systems, Anvil and ServiceFRESH, to facilitate frequent, automated rotation of security artifacts (keys, certificates, and tokens) within service mesh deployments. Anvil is a novel, standalone service mesh with automated, zero-downtime artifact rotations, while ServiceFRESH is a best-effort service mesh rotation module for use alongside a current state-of-the-art service mesh, Consul. The next prototype designed and developed as part of this work, ServiceWatch, leverages these frequent security artifact refreshments and introduces a novel access control monitoring scheme. ServiceWatch effectively provides holistic monitoring and management of the microservice deployments it hosts.

Further, ServiceWatch automatically isolates and removes microservices that violate the defined network policies of the service mesh, requiring no system administrator intervention. Extending this proof-of-concept environment, we design and implement a prototype workflow called CloudCover. CloudCover introduces a verification-in-the-loop scheme and leverages modern service mesh tools, allowing easy adoption of these novel security mechanisms into state-of-the-art deployments. Under a realistic and relevant threat model, we show how our design choices and improvements are both necessary and beneficial to real-world deployments. By examining network packet captures, we provide a theoretical analysis of the scalability of these solutions in real-world networks. We further extend these trials experimentally using an independently managed and operated cloud environment to demonstrate the practical scalability of our proposed designs to large-scale software systems. Our results indicate that the overhead introduced by ServiceWatch and CloudCover is acceptable for real-world deployments. Additionally, the security capabilities provided effectively mitigate threats present within these environments.
Date
2023-05-31
Publisher
University of Kansas
Keywords
Computer science, Access Control, Cloud Computing, DevOps, Microservices, Network Security, Service Mesh