CAPODAZ: A Containerised Authorisation and Policy-driven Architecture using Microservices

Abstract: The microservices architectural approach has important benefits for agile application development and the delivery of complex solutions. However, to convey information and share data amongst services in a verifiable and stateless way, appropriate access control methods and authorisations must be in place. In this paper, we study the use of policy-driven authorisations with independent fine-grained microservices in a real-world machine-to-machine (M2M) scenario that uses a hybrid cloud-based infrastructure and Internet of Things (IoT) services. We also model the authentication flows that facilitate the message exchanges between the involved entities, and we propose a containerised authorisation and policy-driven architecture (CAPODAZ) using the microservices paradigm. The proposed architecture implements a policy-based management framework and integrates into on-going work on a Cloud-IoT intelligent transportation service. For an in-depth quantitative evaluation, we consider multiple user-population distributions and assess the proposed architecture against other similar microservices. The numerical results based on the experimental data show a significant performance advantage in terms of latency, throughput and successful requests.
