Enabling Security-Oriented Orchestration of Microservices

06/17/2021 ∙ by Marcela S. Melara, et al. ∙ 0

As cloud providers push multi-tenancy to new levels to meet growing scalability demands, ensuring that externally developed untrusted microservices will preserve tenant isolation has become a high priority. Developers, in turn, lack a means for expressing and automatically enforcing high-level application security requirements at deployment time. In this paper, we observe that orchestration systems are ideally situated between developers and the cloud provider to address these issues. We propose a security policy framework that enables security-oriented orchestration of microservices by capturing and auditing code properties that are incorporated into microservice code throughout the software supply chain. Orchestrators can leverage these properties to deploy microservices on a node that matches both the developer's and cloud provider's security policy and their resource requirements. We demonstrate our approach with a proof-of-concept based on the Private Data Objects [1] confidential smart contract framework, deploying code only after checking its provenance.



There are no comments yet.


page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.