Intelligent Service Mesh Framework for API Security and Management

Hussain, Fatima; Li, Weiyue; Noye, Brett; Sharieh, Salah; Ferworn, Alexander

doi:10.1109/iemcon.2019.8936216

Cited by 20 publications

(11 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They focus on implementing deep visibility in the service mesh, and do not propose a security or a performance evaluation. Hussain et al [21] propose and implement a security framework for the creation of a secure API service mesh using Istio and Kubernetes. They then use a machine learning based model to automatically associate new APIs to already existing categories of service mesh.…”

Section: Related Workmentioning

confidence: 99%

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Miller

Mérindol

Gallais³

et al. 2021

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

View full text Add to dashboard Cite

Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows. This shift towards the cloud environment has led to more and more data leaks and breaches, resulting in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry.In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zerotrust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Miller

Mérindol

Gallais³

et al. 2021

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

View full text Add to dashboard Cite

show abstract

“…Spring Security Framework [14][15][16] is a robust, highly customizable, comprehensive, and extensible open-source Java framework supporting authentication and authorization. Furthermore, it provides a solution to protect common external attacks [28][29][30][31][32][33][34][35][36][37], such as session fixation, clickjacking, CSRF, etc. For securing Spring-based applications, it is the de-facto standard.…”

Section: Basic Preliminariesmentioning

confidence: 99%

“…Microservice Architecture (MSA) [29][30][31][32][33][34][35][36][37] has arisen to describe a specific way of developing software systems for independently deployable services. The traditional monolithic software development approach suffers from the following drawbacks: bundled deployment as a single stack, intransigent scalability, high cost of resources and refactoring efforts, and DevOps challenges among dispersed teams [15,16].…”

Section: Basic Preliminariesmentioning

confidence: 99%

Applying Spring Security Framework with KeyCloak-Based OAuth2 to Protect Microservice Architecture APIs: A Case Study

Chatterjee

Prinz

2022

Sensors

View full text Add to dashboard Cite

In this study, we implemented an integrated security solution with Spring Security and Keycloak open-access platform (SSK) to secure data collection and exchange over microservice architecture application programming interfaces (APIs). The adopted solution implemented the following security features: open authorization, multi-factor authentication, identity brokering, and user management to safeguard microservice APIs. Then, we extended the security solution with a virtual private network (VPN), Blowfish and crypt (Bcrypt) hash, encryption method, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure. To accomplish and describe the adopted SSK solution, we utilized a web engineering security method. As a case study, we designed and developed an electronic health coaching (eCoach) prototype system and hosted the system in the expanded digital secure infrastructure to collect and exchange personal health data over microservice APIs. We further described our adopted security solution’s procedural, technical, and practical considerations. We validated our SSK solution implementation by theoretical evaluation and experimental testing. We have compared the test outcomes with related studies qualitatively to determine the efficacy of the hybrid security solution in digital infrastructure. The SSK implementation and configuration in the eCoach prototype system has effectively secured its microservice APIs from an attack in all the considered scenarios with 100% accuracy. The developed digital infrastructure with SSK solution efficiently sustained a load of (≈)300 concurrent users. In addition, we have performed a qualitative comparison among the following security solutions: Spring-based security, Keycloak-based security, and their combination (our utilized hybrid security solution), where SSK showed a promising outcome.

show abstract

“…Table 3 summarizes some complicated problems and possible solutions in API security research. Build an API security framework through the service grid, classify, share and aggregate API information, and improve the efficiency and security of API management [8]. Service grid access control has advantages and can enhance the authentication and authorization process.…”

Section: Opportunities and Challengesmentioning

confidence: 99%

Research Towards Key Issues of API Security

Sun¹,

Wang²,

Guo³

2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

With the mass application of virtualization, micro-services, and cloud-native technologies, the interaction between service entities through APIs has become a norm. Many platforms are still maintaining a large number of old APIs due to business needs. At the same time, many new APIs are gradually going online. Both of these statuses put forward higher requirements for API security. Focusing on old APIs’ security protection and other issues, this article starts from the process of asset discovery, vulnerability detection, and security auditing. Aiming at the problem of API asset discovery, this article summarizes the technical methods of automatically clustering unowned API assets using the characteristics of various commonly used APIs. Aiming at new API vulnerability detection, a security analysis method based on finite state machine is proposed. For the first time, the cross-network communication taint propagation based on dynamic taint analysis technology and system-level simulation technology is realized, enabling sensitive data flow tracing in API communication become feasible. We designed a flowbased API security audit system to improve automated API protection. Finally, We analyzed technical opportunities and challenges of API security in detail and prospected for API security research’s next direction and development trend.

show abstract

Intelligent Service Mesh Framework for API Security and Management

Cited by 20 publications

References 3 publications

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Applying Spring Security Framework with KeyCloak-Based OAuth2 to Protect Microservice Architecture APIs: A Case Study

Research Towards Key Issues of API Security

Contact Info

Product

Resources

About