Security-as-a-service for microservices-based cloud applications

Yuqiong Sun, Susanta Nanda, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

67 Scopus citations

Abstract

Microservice architecture allows different parts of an application to be developed, deployed and scaled independently, therefore becoming a trend for developing cloud applications. However, it comes with challenging security issues. First, the network complexity introduced by the large number of microservices greatly increases the difficulty in monitoring the security of the entire application. Second, microservices are often designed to completely trust each other, therefore compromise of a single microservice may bring down the entire application. The problems are only exacerbated by the cloud, since applications no longer have complete control over their networks. In this paper, we propose a design for security-as-a-service for microservices-based cloud applications. By adding a new API primitive FlowTap for the network hypervisor, we build a flexible monitoring and policy enforcement infrastructure for network traffic to secure cloud applications. We demonstrate the effectiveness of our solution by deploying the Bro network monitor using FlowTap. Results show that our solution is flexible enough to support various kinds of monitoring scenarios and policies and it incurs minimal overhead (~6%) for real world usage. As a result, cloud applications can leverage our solution to deploy network security monitors to flexibly detect and block threats both external and internal to their network.

Original languageEnglish (US)
Title of host publicationProceedings - IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages50-57
Number of pages8
ISBN (Electronic)9781467395601
DOIs
StatePublished - Feb 1 2016
Event7th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2015 - Vancouver, Canada
Duration: Nov 30 2015Dec 3 2015

Publication series

NameProceedings - IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015

Other

Other7th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2015
Country/TerritoryCanada
CityVancouver
Period11/30/1512/3/15

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computational Theory and Mathematics

Fingerprint

Dive into the research topics of 'Security-as-a-service for microservices-based cloud applications'. Together they form a unique fingerprint.

Cite this