@inproceedings{68da8ad1bf294633af1dcec4ff34ef29,
title = "Expressive Policies For Microservice Networks",
abstract = "Microservice-based application deployments need to administer safety properties while serving requests. However, today such properties can be specified only in limited ways that can lead to overly permissive policies and the potential for illegitimate flow of information across microservices, or ad hoc policy implementations. We argue that a range of use cases require safety properties for the flow of requests across the whole microservice network, rather than only between adjacent hops. To begin specifying such expressive policies, we propose a system for declaring and deploying service tree policies. These policies are compiled down into declarative filters that are inserted into microservice deployment manifests. We use a light-weight dynamic monitor based enforcement mechanism, using ideas from automata theory. Experiments with our preliminary prototype show that we can capture a wide class of policies that we describe as case studies.",
keywords = "Microservices, Security Automata, Service-mesh",
author = "Karuna Grewal and Godfrey, {P. Brighten} and Justin Hsu",
note = "Publisher Copyright: {\textcopyright} 2023 Owner/Author.; 22nd ACM Workshop on Hot Topics in Networks, HotNets 2023 ; Conference date: 28-11-2023 Through 29-11-2023",
year = "2023",
month = nov,
day = "28",
doi = "10.1145/3626111.3628181",
language = "English (US)",
series = "HotNets 2023 - Proceedings of the 22nd ACM Workshop on Hot Topics in Networks",
publisher = "Association for Computing Machinery",
pages = "280--286",
booktitle = "HotNets 2023 - Proceedings of the 22nd ACM Workshop on Hot Topics in Networks",
address = "United States",
}