{"title":"微服务系统的实用纵深防御解决方案","authors":"Kai Jander, L. Braubach, A. Pokahr","doi":"10.5383/JUSPN.11.01.003","DOIUrl":null,"url":null,"abstract":"Microservices are a widely deployed pattern for implementing large-scale distributed systems. However, in order to harden the overall system and when crossing datacenter boundaries, the authenticity and confidentiality of microservice calls have to be secured even for internal calls. In practice, however, in many cases no internal security mechanisms are employed mainly due to the increased complexity on backend side. This complexity arises as result of standard security mechanisms like TLS requiring secrets for each involved microservice. Building on previous work [19], in this paper we present a novel communication architecture based on roles that on the one hand guarantees a high level of security and on the other hand remains easy to manage. The approach provides encryption, forward secrecy and protection against replay attacks even for out-of-order communication.","PeriodicalId":376249,"journal":{"name":"J. Ubiquitous Syst. Pervasive Networks","volume":"277 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Practical Defense-in-depth Solution for Microservice Systems\",\"authors\":\"Kai Jander, L. Braubach, A. Pokahr\",\"doi\":\"10.5383/JUSPN.11.01.003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Microservices are a widely deployed pattern for implementing large-scale distributed systems. However, in order to harden the overall system and when crossing datacenter boundaries, the authenticity and confidentiality of microservice calls have to be secured even for internal calls. In practice, however, in many cases no internal security mechanisms are employed mainly due to the increased complexity on backend side. This complexity arises as result of standard security mechanisms like TLS requiring secrets for each involved microservice. Building on previous work [19], in this paper we present a novel communication architecture based on roles that on the one hand guarantees a high level of security and on the other hand remains easy to manage. The approach provides encryption, forward secrecy and protection against replay attacks even for out-of-order communication.\",\"PeriodicalId\":376249,\"journal\":{\"name\":\"J. Ubiquitous Syst. Pervasive Networks\",\"volume\":\"277 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"J. Ubiquitous Syst. Pervasive Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5383/JUSPN.11.01.003\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Ubiquitous Syst. Pervasive Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5383/JUSPN.11.01.003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Practical Defense-in-depth Solution for Microservice Systems
Microservices are a widely deployed pattern for implementing large-scale distributed systems. However, in order to harden the overall system and when crossing datacenter boundaries, the authenticity and confidentiality of microservice calls have to be secured even for internal calls. In practice, however, in many cases no internal security mechanisms are employed mainly due to the increased complexity on backend side. This complexity arises as result of standard security mechanisms like TLS requiring secrets for each involved microservice. Building on previous work [19], in this paper we present a novel communication architecture based on roles that on the one hand guarantees a high level of security and on the other hand remains easy to manage. The approach provides encryption, forward secrecy and protection against replay attacks even for out-of-order communication.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
