Withdraw
Loading…
Capabilities for cross-layer micro-service security
Sprabery, Read
Loading…
Permalink
https://hdl.handle.net/2142/100978
Description
- Title
- Capabilities for cross-layer micro-service security
- Author(s)
- Sprabery, Read
- Issue Date
- 2018-04-15
- Director of Research (if dissertation) or Advisor (if thesis)
- Campbell, Roy
- Doctoral Committee Chair(s)
- Campbell, Roy
- Committee Member(s)
- Gunter, Carl
- Bates, Adam
- Okhravi, Hamed
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- take-grant
- security
- cloud computing
- micro-services
- virtual machine
- intrusion detection
- capabilities
- capability
- compiler
- memory protection
- Abstract
- Shared infrastructure computing has become ubiquitous; from the smallest start-up deploying on a multi-tenant cloud to the largest corporations whose separate branches all deploy to a shared private cloud. In both cases, the security challenges are similar and are unique from the legacy model of deploying monolithic applications on dedicated hardware. In the case of a multi-tenant cloud deployment, attacks can stem from other tenants who are not part of the same security domain, be that a different security-level within a single organization, or distinct organizations on a public cloud. In addition to nearly ubiquitous adoption of shared infrastructure, the rise of so called “micro-services” poses a set of unique challenges and advantages to security. The micro-service moniker stems from the idea of a Service Oriented Architecture (SOA) with a focus on having a small code base for each component of an application. The SOA approach is complimented by the DevOps movement in which software development practices are being applied to operations. These development and deployment techniques are here to stay as they enable more thorough testing, reliable deployment, and calability that previous software architectures only supported with extensive rewriting. In this dissertation, we focus on providing security to this new paradigm of computing. These trends force us to face security challenges unique to cloud computing such as passive cache-based side-channel attacks. In addition to new challenges, this new paradigm also affords us better tools and services due to the well-defined behavior of micro-services. Here, we focus on mitigating security risks by leveraging the Principle of Least Privilege (PoLP) at every layer of the stack: the interface between the operating system and the hardware, the system call interface, and within individual applications. We implement the PoLP through layer specific capabilities by mapping the security challenges present in cloud computing to a Take-Grant relational model between subjects. We conceptually extend the notion of “subject” to include subjects at every layer of the cloud stack. Additionally, we explore adding more trust guarantees to subject relationship monitoring. Finally, we explore fine grained memory operations within a micro-service that can impact a micro-service’s relationships with other subjects in the system.
- Graduation Semester
- 2018-05
- Type of Resource
- text
- Permalink
- http://hdl.handle.net/2142/100978
- Copyright and License Information
- Copyright 2018 Read Sprabery
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at IllinoisDissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer ScienceManage Files
Loading…
Edit Collection Membership
Loading…
Edit Metadata
Loading…
Edit Properties
Loading…
Embargoes
Loading…