The characteristics of cloud native applications — like the inherent decentralization, the intricate threat model, and the presence of highly dynamic and interconnected microservices — bring forth a number of challenges to the security of the (often sensitive) data exchanged in cloud native applications. Besides, data security is not absolute, and its achievement must be mindful of relevant performance and usability aspects (e.g., minimal overhead, transparency, automation, interoperability with external services). In this work-in-progress paper, we discuss the use of Cryptographic Access Control (CAC) in sidecar proxies as a means to guarantee End-to-End (E2E) protection — in terms of confidentiality and integrity — for communications in cloud native applications, as well as usability and adaptable performance.
Work-in-Progress: A Sidecar Proxy for Usable and Performance-Adaptable End-to-End Protection of Communications in Cloud Native Applications
Berlato, Stefano
;Rizzi, Matteo;Franzil, Matteo;Cretti, Silvio;de Matteis, Pietro;Carbone, Roberto
2024-01-01
Abstract
The characteristics of cloud native applications — like the inherent decentralization, the intricate threat model, and the presence of highly dynamic and interconnected microservices — bring forth a number of challenges to the security of the (often sensitive) data exchanged in cloud native applications. Besides, data security is not absolute, and its achievement must be mindful of relevant performance and usability aspects (e.g., minimal overhead, transparency, automation, interoperability with external services). In this work-in-progress paper, we discuss the use of Cryptographic Access Control (CAC) in sidecar proxies as a means to guarantee End-to-End (E2E) protection — in terms of confidentiality and integrity — for communications in cloud native applications, as well as usability and adaptable performance.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.