Towards secure and leak-free workflows using microservice isolation

Miller, Loic;Merindol, Pascal;Gallais, Antoine;Pelsser, Cristel
(2021) 2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR) — Location: Paris, France (7.June.2021)

Abstract
Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry. Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization.

Citations

Miller, L., Merindol, P., Gallais, A., & Pelsser, C. (2021). Towards secure and leak-free workflows using microservice isolation. In Institute of Electrical and Electronics Engineers (IEEE) (ed.), 2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR). IEEE. https://doi.org/10.1109/hpsr52026.2021.9481820