Samodha Pallewatta,Muhammad Ali Babar

2024-06-28

Abstract:IoT application providers increasingly use MicroService Architecture (MSA) to develop applications that convert IoT data into valuable information. The independently deployable and scalable nature of microservices enables dynamic utilization of edge and cloud resources provided by various service providers, thus improving performance. However, IoT data security should be ensured during multi-domain data processing and transmission among distributed and dynamically composed microservices. The ability to implement granular security controls at the microservices level has the potential to solve this. To this end, edge-cloud environments require intricate and scalable security frameworks that operate across multi-domain environments to enforce various security policies during the management of microservices (i.e., initial placement, scaling, migration, and dynamic composition), considering the sensitivity of the IoT data. To address the lack of such a framework, we propose an architectural framework that uses Policy-as-Code to ensure secure microservice management within multi-domain edge-cloud environments. The proposed framework contains a "control plane" to intelligently and dynamically utilise and configure cloud-native (i.e., container orchestrators and service mesh) technologies to enforce security policies. We implement a prototype of the proposed framework using open-source cloud-native technologies such as Docker, Kubernetes, Istio, and Open Policy Agent to validate the framework. Evaluations verify our proposed framework's ability to enforce security policies for distributed microservices management, thus harvesting the MSA characteristics to ensure IoT application security needs.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Software Engineering

Loïc Miller,Pascal Mérindol,Antoine Gallais,Cristel Pelsser

DOI: https://doi.org/10.48550/arXiv.2012.06300

2020-12-11

Abstract:Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry. Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization.

Cryptography and Security

Irum Rauf,Elena Troubitsyna

DOI: https://doi.org/10.48550/arXiv.1805.05519

2018-05-15

Software Engineering

Abstract:The widespread adoption of cloud computing has resulted in the proliferation of open source cloud computing frameworks that give more control to enterprises over their data and networks. Though the benefits of open source software are widely recognized, there is a growing concern over their security assurance. Often open source software is a subject of frequent updates. The updates might introduce or remove a variety of features and hence violate security properties of the previous releases. Obviously, a manual inspection of security would be prohibitively slow and inefficient. In this work, we propose an automated approach that can help developers to assure the security of open source cloud framework even in the presence of frequent releases. Our methodology consists of creating a (stateful) wrapper that emulates the usage scenarios with explicit representation of security and functional requirements as contracts. We use a model-driven approach to model REST APIs of KeyStone, an identity service in OpenStack. OpenStack is an open source cloud computing framework providing IaaS. Our models define structural and behavioral properties of Keystone together with its security requirements. We detail the implementation of these models in Django Web Framework and also show how to use the behavioral interfaces to implement a service monitor for the cloud services. This mechanism facilitates verification and validation of functional behavior and security requirement in an automated manner.

Stephen S. Yau,Yisheng Yao

2006-01-01

Abstract:A major advantage of the emerging service-oriented computing technology is its ability to enable rapid formation of large-scale distributed systems by composing massively available services to achieve the system goals, regardless of the programming languages and platforms used to develop and run these services. For these systems which often involve interactions among multiple organizations over various networks, how to manage and enforce security policies is the prime concern in assuring that only authorized users or systems have the access to massively available services. However, with the increasing scalability and flexibility required by the dynamic service-oriented computing environments, manage and enforce security policies in such systems is a very challenging task. Existing research efforts have not sufficiently addressed this challenging task for enabling systematic security policy management and enforcement in service-oriented systems. In this dissertation research, a framework based on formal foundations is developed for dynamically, yet systematically, managing and enforcing security policies in service-oriented systems. This framework includes a security policy meta-model and a runtime security policy execution model for security decision making and enforcement. The security policy meta-model will be used to provide unambiguous security policy specifications and to facilitate sound and complete security policy reasoning, such as consistency checking, redundancy analysis, security policy specification composition, and automated security service synthesis from declarative security policy specifications. Analysis of expressiveness of this security policy meta-model is also provided in this dissertation. The runtime security policy execution model is developed for enforcing the security policies with provable correctness. This framework will also include tools for generating and deploying security services to compute and enforce security decisions based on security policies, credentials and situational information. With this framework, various parties of large-scale service-oriented systems can easily manage and enforce security policies to meet their security requirements under various situations. Examples are provided to show the effectiveness of the framework.

Oldooz Karimi

DOI: https://doi.org/10.48550/arXiv.1108.1314

2011-08-05

Abstract:In this article, we examine how security applies to Service Oriented Architecture (SOA). Before we discuss security for SOA, lets take a step back and examine what SOA is. SOA is an architectural approach which involves applications being exposed as "services". Originally, services in SOA were associated with a stack of technologies which included SOAP, WSDL, and UDDI. This article addresses the defects of traditional enterprise application integration by combining service oriented-architecture and web service technology. Application integration is then simplified to development and integration of services to tackle connectivity of isomerous enterprise application integration, security, loose coupling between systems and process refactoring and optimization.

Software Engineering

Yunfei Meng,Zhiqiu Huang,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.2105.12935

2021-05-27

Cryptography and Security

Abstract:Aiming at the privacy preservation of dynamic Web service composition, this paper proposes a SDN-based runtime security enforcement approach for privacy preservation of dynamic Web service composition. The main idea of this approach is that the owner of service composition leverages the security policy model (SPM) to define the access control relationships that service composition must comply with in the application plane, then SPM model is transformed into the low-level security policy model (RSPM) containing the information of SDN data plane, and RSPM model is uploaded into the SDN controller. After uploading, the virtual machine access control algorithm integrated in the SDN controller monitors all of access requests towards service composition at runtime. Only the access requests that meet the definition of RSPM model can be forwarded to the target terminal. Any access requests that do not meet the definition of RSPM model will be automatically blocked by Openflow switches or deleted by SDN controller, Thus, this approach can effectively solve the problems of network-layer illegal accesses, identity theft attacks and service leakages when Web service composition is running. In order to verify the feasibility of this approach, this paper implements an experimental system by using POX controller and Mininet virtual network simulator, and evaluates the effectiveness and performance of this approach by using this system. The final experimental results show that the method is completely effective, and the method can always get the correct calculation results in an acceptable time when the scale of RSPM model is gradually increasing.

Valentina Casola,Alessandra De Benedictis,Madalina Erascu,Jolanda Modic,Massimiliano Rak

DOI: https://doi.org/10.1109/tsc.2016.2540630

IF: 11.019

2017-09-01

IEEE Transactions on Services Computing

Abstract:Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.

computer science, information systems, software engineering

Montida Pattaranantakul,Ruan He,Zonghua Zhang,Ahmed Meddahi,Ping Wang

DOI: https://doi.org/10.1109/TDSC.2018.2889709

2021-01-01

Abstract:AbstractNetwork Functions Virtualization (NFV) has been widely recognized as an effective way to implement and consolidate hardware-based network functions by using software-based approaches, with a potential to significantly reducing CAPEX and OPEX. In particular, NFV orchestrators (e.g., Tacker, Cloudify, and ONAP) play a vital role in managing and orchestrating various virtualized network resources (e.g., VMs, Virtualized Network Functions), and TOSCA is one of the standard data models to fulfil such a role. However, it remains unclear how the security mechanisms can be seamlessly integrated into the entire lifecycle of those virtualized network assets. Starting with a comparative analysis on the available NFV orchestrators, we extend the TOSCA model to incorporate security attributes of interest, and leverage the extended model to create access control policies at cloud scale. Specifically, a security orchestrator is developed, which contains a TOSCA-parser and a novel tenant-specific access control paradigm. One of the salient features of our security orchestrator is that it allows to dynamically generate access control models and policies for different tenant domains, resulting in a flexible and scalable protection coverage that is across different NFV layers and multiple data centers. To validate its feasibility and effectiveness, we develop a security orchestrator prototype and test its performance with respect to throughput, scalability, and adaptability. The experimental results demonstrate that all the desirable properties can be achieved, and the throughput of our security orchestrator can be maintained at a satisfactory level regardless of the varying number of tenants, users, or objects that are deployed in the cloud.

Shankar Dheeraj Konidena

DOI: https://doi.org/10.38124/ijisrt/ijisrt24may2361

2024-06-06

Abstract:Over the past few years, the paradigm shift towards cloud computing has transformed and revolutionized how organizations manage high- performance workloads. The microservices architecture, renowned for its modularity and scalability, is increasingly being adopted to run these workloads in cloud environments. However, this transition is not without its challenges, particularly in security. This research article delves into the methods for securely running high-performance workloads as microservices in cloud environments, presenting the advantages and the challenges involved. The study aims to develop a comprehensive framework that not only addresses these security concerns but also optimizes performance, a crucial aspect in today's digital landscape. This research is a testament to our commitment to thoroughness and precision, as it combines both qualitative and quantitative approaches. Qualitative data were meticulously gathered through interviews with 15 cloud security experts, providing invaluable insights into prevalent security practices and challenges. Quantitative data, on the other hand, were collected from performance benchmarks that rigorously compared traditional monolithic applications with microservices- based applications in a cloud setting. The study employs robust statistical analysis tools such as SPSS and Grafana to analyze the collected data, ensuring the validity and reliability of our findings. Key interview findings highlighted critical security measures necessary for microservices, including service authentication, data encryption, and vulnerability management. The performance benchmarks revealed that microservices- based applications significantly outperformed monolithic applications, with notable improvements in CPU utilization, memory usage, and response time. For instance, the microservices architecture demonstrated a 21% reduction in CPU utilization and a 12% decrease in memory usage compared to its monolithic counterpart. The proposed framework integrates robust security practices, ensuring secure authentication, encrypted data transmission, and regular updates to mitigate vulnerabilities. This framework enhances security and optimizes resource allocation, leading to improved performance metrics.

Abdelhakim Hannousse,Salima Yahiouche

DOI: https://doi.org/10.1016/j.cosrev.2021.100415

IF: 8.757

2021-08-01

Computer Science Review

Abstract:<p>Microservice architectures (MSA) are becoming trending alternatives to existing software development paradigms notably for developing complex and distributed applications. Microservices emerged as an architectural design pattern aiming to address the scalability and ease the maintenance of online services. However, security breaches have increased threatening availability, integrity and confidentiality of microservice-based systems. A growing body of literature is found addressing security threats and security mechanisms to individual microservices and microservice architectures. The aim of this study is to provide a helpful guide to developers about already recognized threats on microservices and how they can be detected, mitigated or prevented; we also aim to identify potential research gaps on securing MSA. In this paper, we conduct a systematic mapping in order to categorize threats on MSA with their security proposals. Therefore, we extracted threats and details of proposed solutions reported in selected studies. Obtained results are used to design a lightweight ontology for security patterns of MSA. The ontology can be queried to identify source of threats, security mechanisms used to prevent each threat, applicability layer and validation techniques used for each mechanism. The systematic search yielded 1067 studies of which 46 are selected as primary studies. The results of the mapping revealed an unbalanced research focus in favor of external attacks; auditing and enforcing access control are the most investigated techniques compared with prevention and mitigation. Additionally, we found that most proposed solutions are soft-infrastructure applicable layer compared with other layers such as communication and deployment. We also found that performance analysis and case studies are the most used validation techniques of security proposals.</p>

computer science, information systems, theory & methods, software engineering

Alejandro Molina Zarca,Miloud Bagaa,Jorge Bernal Bernabe,Tarik Taleb,Antonio F Skarmeta

DOI: https://doi.org/10.3390/s20133622

2020-06-27

Abstract:IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs.

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

Marius Schlegel

DOI: https://doi.org/10.48550/arXiv.2105.01970

2021-05-05

Abstract:While there have been approaches for integrating security policies into operating systems (OSs) for more than two decades, applications often use objects of higher abstraction requiring individual security policies with application-specific semantics. Due to insufficient OS support, current approaches for enforcing application-level policies typically lead to large and complex trusted computing bases rendering tamperproofness and correctness difficult to achieve. To mitigate this problem, we propose the application-level policy enforcement architecture AppSPEAR and a C++ framework for its implementation. The configurable framework enables developers to balance enforcement rigor and costs imposed by different implementation alternatives and thus to easily tailor an AppSPEAR implementation to individual application requirements. We especially argue that hardware-based trusted execution environments offer an optimal balance between effectiveness and efficiency of policy protection and enforcement. This claim is substantiated by a practical evaluation based on an electronic medical record system.

Cryptography and Security

Yang Luo,Wu Luo,Tian Puyang,Qingni Shen,Anbang Ruan,Zhonghai Wu

DOI: https://doi.org/10.1109/cloud.2016.0017

2016-01-01

Abstract:The access control mechanisms of existing cloud systems, mainly OpenStack, fail to provide two key factors: i) centralized access mediation and ii) flexible policy customization. This situation prevents cloud administrators and end customers from enhancing their security. Furthermore, a variety of clouds have implemented their access control systems and policies in separated ways. This might confuse the customers whose businesses are built on multiple clouds, as they have to take efforts to accommodate their policies for different platforms. The OpenStack Security Modules (OSM) project has developed a least-invasive access control framework for OpenStack to enable different access control models to be implemented as loadable modules. This framework can be a good replacement of the existing permission checks in OpenStack and other platforms. We also propose an integration mechanism for multiple policies to form a single decision. This paper presents the design and implementation of OSM, including a new service called patron and an attachment module called access endpoint middleware (AEM). Experiments on the tempest benchmark indicate that OSM has improved the flexibility and security of policy management without affecting other services. Meantime, the average performance overhead remains as low as 7.3%, which is acceptable for practical use.

Xiang Wang,Zhi Liu,Jun Li,Baohua Yang,Yaxuan Qi

DOI: https://doi.org/10.1109/icccn.2014.6911782

2014-01-01

Abstract:Multi-tenant infrastructures deployed in cloud datacenters need network security protection. However, the rigid control mechanism of current security middleboxes induces inflexible orchestration, limiting the agile and on-demand security provision in virtualized datacenters. This paper presents Tualatin, a consolidated framework of delivering security services in multi-tenant datacenters. It meets security requirements of different scenarios by hardware and software co-design. Leveraging Software-Defined Networking (SDN) and OpenFlow techniques, Tualatin provides fine-grained security protection in dynamically changing network topologies, where both switches and security middleboxes are programmatically controlled by logically centralized controllers. With service-level APIs exposed, Tualatin could be easily integrated with other Cloud Management System (CMS). A proof-of-concept system has been deployed in a Tier-IV datacenter, providing customizable network security services for tenant Virtual Private Cloud (VPC) infrastructure.

Glenn Osborne,Tim Weninger

DOI: https://doi.org/10.1109/ICWS.2016.84

2016-04-25

Abstract:Service-Oriented Computing is a paradigm that uses services as building blocks for building distributed applications. The primary motivation for orchestrating services in the cloud used to be distributed business processes, which drove the standardization of the Business Process Execution Language (BPEL) and its central notion that a service is a business process. In recent years, there has been a transition towards other motivations for orchestrating services in the cloud, {\em e.g.}, XaaS, RMAD. Although it is theoretically possible to make all of those services into WSDL/SOAP services, it would be too complicated and costly for industry adoption. Therefore, the central notion that a service is a business process is too restrictive. Instead, we view a service as a technology neutral, loosely coupled, location transparent procedure. With these ideas in mind, we introduce a new approach to services orchestration: Ozy, a general orchestration container. We define this new approach in terms of existing technology, and we show that the Ozy container relaxes many traditional constraints and allows for simpler, more feature-rich applications.

Software Engineering,Distributed, Parallel, and Cluster Computing

Murad Kablan,Carlee Joe-Won,Sangtae Ha,Hani Jamjoom,Eric Keller

DOI: https://doi.org/10.48550/arXiv.1509.09057

2015-09-30

Abstract:Today's cloud apps are built from many diverse services that are managed by different parties. At the same time, these parties, which consume and/or provide services, continue to rely on arcane static security and entitlements models. In this paper, we introduce Seit, an inter-tenant framework that manages the interactions between cloud services. Seit is a software-defined reputation-based framework. It consists of two primary components: (1) a set of integration and query interfaces that can be easily integrated into cloud and service providers' management stacks, and (2) a controller that maintains reputation information using a mechanism that is adaptive to the highly dynamic environment of the cloud. We have fully implemented Seit, and integrated it into an SDN controller, a load balancer, a cloud service broker, an intrusion detection system, and a monitoring framework. We evaluate the efficacy of Seit using both an analytical model and a Mininet-based emulated environment. Our analytical model validate the isolation and stability properties of Seit. Using our emulated environment, we show that Seit can provide improved security by isolating malicious tenants, reduced costs by adapting the infrastructure without compromising security, and increased revenues for high quality service providers by enabling reputation to impact discovery.

Networking and Internet Architecture

Adriana Szekeres,Irene Zhang,Katelin Bailey,Isaac Ackerman,Haichen Shen,Franziska Roesner,Dan R. K. Ports,Arvind Krishnamurthy,Henry M. Levy

DOI: https://doi.org/10.48550/arXiv.2008.06536

2020-08-14

Cryptography and Security

Abstract:Today's mobile devices sense, collect, and store huge amounts of personal information, which users share with family and friends through a wide range of applications. Once users give applications access to their data, they must implicitly trust that the apps correctly maintain data privacy. As we know from both experience and all-too-frequent press articles, that trust is often misplaced. While users do not trust applications, they do trust their mobile devices and operating systems. Unfortunately, sharing applications are not limited to mobile clients but must also run on cloud services to share data between users. In this paper, we leverage the trust that users have in their mobile OSes to vet cloud services. To do so, we define a new Secure Application Flow Enforcement (SAFE) framework, which requires cloud services to attest to a system stack that will enforce policies provided by the mobile OS for user data. We implement a mobile OS that enforces SAFE policies on unmodified mobile apps and two systems for enforcing policies on untrusted cloud services. Using these prototypes, we demonstrate that it is possible to enforce existing user privacy policies on unmodified applications.

Lorenzo Bacchiani,Mario Bravetti,Saverio Giallorenzo,Jacopo Mauro,Iacopo Talevi,Gianluigi Zavattaro

DOI: https://doi.org/10.48550/arXiv.2008.01638

2020-09-30

Abstract:Following previous work on the automated deployment orchestration of component based applications, where orchestrations are expressed in terms of behaviours satisfying component interface functional dependences, we develop a formal model specifically tailored for microservice architectures. The first result that we obtain is decidability of the problem of synthesizing optimal deployment orchestrations for microservice architectures, a problem that is, instead, undecidable for generic component-based applications. We, thus, show how optimal deployment orchestrations can be synthesized and how, by using such orchestrations we can devise a procedure for run-time adaptation based on performing global reconfigurations. Finally, we evaluate the applicability of our approach on a realistic microservice architecture taken from the literature. In particular, we use the high-level object-oriented probabilistic and timed process algebra Abstract Behavioural Specification (ABS) to model such a case study and to simulate it. The results of simulation show the advantages of global reconfiguration w.r.t. local adaptation.

Distributed, Parallel, and Cluster Computing

Chaitanya K. Rudrabhatla

DOI: https://doi.org/10.48550/arXiv.2008.03395

2020-08-08

Abstract:Micro service architecture has revolutionized the landscape for the development of web and mobile applications alike. Due to the stateless nature and loose coupling involved in the design of micro services, native mobile applications can be developed by utilizing the same backend services which feed the inputs to the web application front ends. Extending the same concept, a plethora of automated devices, thanks to the advancements in the field of IOT, have come into existence which can feed on the same set of micro services. This concept of build once and utilize for many use cases has become a new norm in the enterprise design patterns. To handle the horizontal scalability needs of so many calling clients, significant advancements have been made on the containerization and their orchestration strategies on the public cloud platforms. However, scalable design techniques have led to the increased exposure of backend services to unwanted entities. This broadened the attack surface and also the risk. On top of it the mix of heterogeneous technologies in MSA, their distinct logging strategies, makes the central logging difficult, which in turn loosens the security. Additionally, the complexity around building the resilience for fault tolerance across the decentralized networks, adds to the security loop holes. The simple security designs which were once used with traditional web applications cannot be used for Microservice based applications. This paper articulates the innovative approaches of handling the security needs involved in protection of distributed services in Microservice architecture.

Cryptography and Security