Expressive Policies For Microservice Networks

Karuna Grewal, P. Brighten Godfrey, Justin Hsu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Microservice-based application deployments need to administer safety properties while serving requests. However, today such properties can be specified only in limited ways that can lead to overly permissive policies and the potential for illegitimate flow of information across microservices, or ad hoc policy implementations. We argue that a range of use cases require safety properties for the flow of requests across the whole microservice network, rather than only between adjacent hops. To begin specifying such expressive policies, we propose a system for declaring and deploying service tree policies. These policies are compiled down into declarative filters that are inserted into microservice deployment manifests. We use a light-weight dynamic monitor based enforcement mechanism, using ideas from automata theory. Experiments with our preliminary prototype show that we can capture a wide class of policies that we describe as case studies.

Original language: English (US)
Title of host publication: HotNets 2023 - Proceedings of the 22nd ACM Workshop on Hot Topics in Networks
Publisher: Association for Computing Machinery
Pages: 280-286
Number of pages: 7
ISBN (Electronic): 9798400704154
State: Published - Nov 28 2023
Event: 22nd ACM Workshop on Hot Topics in Networks, HotNets 2023 - Cambridge, United States
Duration: Nov 28 2023 to Nov 29 2023

Publication series

Name: HotNets 2023 - Proceedings of the 22nd ACM Workshop on Hot Topics in Networks

Conference

Conference: 22nd ACM Workshop on Hot Topics in Networks, HotNets 2023
Country/Territory: United States
City: Cambridge
Period: 11/28/23 to 11/29/23

Keywords

  • Microservices
  • Security Automata
  • Service-mesh

ASJC Scopus subject areas

  • Computer Networks and Communications
