Integrity Protection Against Insiders in Microservice-Based Infrastructures: From Threats to a Security Framework

Building microservices involves continuous modifications at design, deployment, and run times. The DevOps notion, together with the “you built it, you run it” paradigm, often results in a much larger number of developers with direct access to the production pipeline than in the case of monolithic systems. Reproducible builds and continuous delivery entail practices that further worsen this situation, as they grant insiders indirect access (through scripted processes) to production machines. Moreover, managing microservices is heavily aided by governance tools (such as Kubernetes) that are configured and controlled by insiders. In this setting, accounting for malicious insiders quickly becomes a major concern. In this paper, we identify representative integrity threats to microservice-based systems in the broader context of a development process by analyzing real-world microservice-based systems. We show that even end-to-end encryption may fall short without adequate integrity protections. From the identified threats, we then derive a set of security requirements for holistic protection. Finally, we propose a framework that serves as a blueprint for insider-resistant integrity protection in microservices.
