Design and Evaluation of Security-Focused Service Meshes for Management of Microservice Deployments
Issue Date
2023-05-31
Author
Brucker-Hahn, Dalton A
Publisher
University of Kansas
Format
124 pages
Type
Dissertation
Degree Level
D.Eng.
Discipline
Electrical Engineering & Computer Science
Rights
Copyright held by the author.
Abstract
Shifting trends in modern software engineering and cloud computing have pushed system designs to leverage containerization and develop their systems into microservice architectures. While microservice architectures emphasize scalability and ease-of-development, the issue of microservice explosion has emerged, stressing hosting environments and generating new challenges within this domain. Service meshes, the latest in a series of developments, are being adopted to meet these needs. Service meshes provide separation of concerns between microservice development and the operational concerns of microservice deployments, such as service discovery and networking. However, despite the benefits provided by service meshes, the security demands of this domain are unmet by the current state-of-art offerings.
Through a series of experimental trials in a service mesh testbed, we demonstrate a need for improved security mechanisms in the state-of-art offerings of service meshes. After deriving a series of domain-conscious recommendations to improve the longevity and flexibility of service meshes, we design and implement two proof-of-concept service mesh systems, Anvil and ServiceFRESH, to facilitate frequent, automated rotation of security artifacts (keys, certificates, and tokens) within service mesh deployments. Anvil is a novel, standalone service mesh with automated, zero-downtime artifact rotations, while ServiceFRESH is a best-effort service mesh rotation module for use alongside a current state-of-art service mesh, Consul. The next prototype designed and developed as part of this work, ServiceWatch, leverages these frequent security artifact refreshments and introduces a novel access control monitoring scheme. ServiceWatch effectively provides holistic monitoring and management of the microservice deployments it hosts. Further, ServiceWatch automatically isolates and removes microservices that violate the defined network policies of the service mesh, requiring no system administrator intervention. Extending this proof-of-concept environment, we design and implement a prototype workflow called CloudCover. CloudCover introduces a verification-in-the-loop scheme and leverages modern service mesh tools, allowing easy adoption of these novel security mechanisms into state-of-art deployments. Under a realistic and relevant threat model, we show how our design choices and improvements are both necessary and beneficial to real-world deployments. By examining network packet captures, we provide a theoretical analysis of the scalability of these solutions in real-world networks. We further extend these trials experimentally using an independently managed and operated cloud environment to demonstrate the practical scalability of our proposed designs to large-scale software systems. Our results indicate that the overhead introduced by ServiceWatch and CloudCover is acceptable for real-world deployments. Additionally, the security capabilities provided effectively mitigate threats present within these environments.
Items in KU ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.