With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Chen, Chien-An |
Conference Name | 2019 IEEE Cybersecurity Development (SecDev) |
Date Published | Sept. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-5386-7289-1 |
Keywords | attack surface, Cloud Native, container, Docker, Kubernetes, Metrics, microservices, pubcrawl, resilience, Resiliency, Scalability |
Abstract | While the IT industry is embracing the cloud-native technologies, migrating from monolithic architecture to service-oriented architecture is not a trivial process. It involves a lot of dissection and abstraction. The layer of abstraction designed for simplifying the development quickly becomes the barrier of visibility and the source of misconfigurations. The complexity may give microservices a larger attack surface compared to monolithic applications. This talk presents a microservices threat modeling that uncovers the attack vectors hidden in each abstraction layer. Scenarios of security breaches in microservices platforms are discussed, followed by the countermeasures to close these attack vectors. Finally, a decision-making process for architecting secure microservices is presented. |
URL | https://ieeexplore.ieee.org/document/8901600 |
DOI | 10.1109/SecDev.2019.00027 |
Citation Key | chen_great_2019 |