Architectural Approaches for Securing Cloud Native Microservices

Authors

  • Vasudevan Subramani, Development Manager and Solution Architect, USA

DOI:

https://doi.org/10.15680/IJCTECE.2022.0503009

Keywords:

Cloud Native Security, Zero Trust Security, Microservices Architecture, Service Mesh, API Security, Identity and Access Management

Abstract

This research uses a quantitative method to investigate cloud native microservice security in terms of architectural concepts. The results show that, compared with traditional API gateway architectures (28% and 48%), the Zero Trust architecture increases internal traffic encryption (95%) and reduces attack surface (62%). Service mesh models offer better blast radius containment (4/4) at the expense of higher CPU consumption (by 22) and delay (up to 18). Converting traditional systems to Zero Trust decreases identity complexity from 8.2 to 4.3. The paper highlights the trade-offs between security strength, performance overhead and scalability in distributed microservice systems in a cloud environment.

Published

2022-06-21

How to Cite

Architectural Approaches for Securing Cloud Native Microservices. (2022). International Journal of Computer Technology and Electronics Communication, 5(3), 5169-5176. https://doi.org/10.15680/IJCTECE.2022.0503009