Integrity protection against insiders in microservice-based infrastructures: From threats to a security framework

Mohsen Ahmadvand, Alexander Pretschner, Keith Ball, Daniel Eyring

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

Building microservices involves continuous modifications at design, deployment, and run times. The DevOps notion together with the “you built it, you run it” paradigm often results in a much larger number of developers with direct access to the production pipeline than in the case of monolithic systems. Reproducible builds and continuous delivery entail practices that further worsen this situation as they grant insiders indirect access (scripted processes) to production machines. Moreover, managing microservices is heavily aided by governance tools (such as Kubernetes) that are configured and controlled by insiders. In this setting, accounting for malicious insiders quickly becomes a major concern. In this paper, we identify representative integrity threats to microservice-based systems in the broader context of a development process by analyzing real-world microservice-based systems. We show that even end-to-end encryption may fall short without adequate integrity protections. From the identified threats, we then derive a set of security requirements for holistic protection. Finally, we propose a framework that serves as a blueprint for insider-resistant integrity protection in microservices.

Original language: English
Title of host publication: Software Technologies
Subtitle of host publication: Applications and Foundations - STAF 2018 Collocated Workshops, Revised Selected Papers
Editors: Manuel Mazzara, Gwen Salaün, Iulian Ober
Publisher: Springer Verlag
Pages: 573-588
Number of pages: 16
ISBN (Print): 9783030047702
State: Published - 2018
Event: International Conference on Software Technologies: Applications and Foundations, STAF 2018 - Toulouse, France
Duration: 25 Jun 2018 to 29 Jun 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11176 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: International Conference on Software Technologies: Applications and Foundations, STAF 2018
Country/Territory: France
City: Toulouse
Period: 25/06/18 to 29/06/18
