Angeliki Aktypi, Dimitris Karnikis, N. Vasilakis, Kasper Bonne Rasmussen
{"title":"Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing","authors":"Angeliki Aktypi, Dimitris Karnikis, N. Vasilakis, Kasper Bonne Rasmussen","doi":"10.1145/3538969.3538983","DOIUrl":null,"url":null,"abstract":"In serverless computing, applications are composed of stand-alone microservices that are invoked and scale up independently. Peer-to-peer protocols can be used to enable decentralized communication among the services that compose each application. This paper presents Themis, a framework for secure service-to-service interaction targeting these environments and the underlying service mesh architectures. Themis builds on a notion of decentralized identity management to allow confidential and authenticated service-to-service interaction without the need for a centralized certificate authority. Themis adopts a layered architecture. Its lower layer forms a core communication protocol pair that offers strong security guarantees without depending on a centralized point of authority. Building on this pair, an upper layer provides a series of actions related to communication and identifier management—e.g., store, find, and join. This paper analyzes the security properties of Themis’s protocol suite and shows how it provides a decentralized and flexible communication platform. The evaluation of our Themis prototype targeting serverless applications written in JavaScript shows that these security benefits come with small runtime latency and throughput overheads, and modest startup overheads.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 17th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3538969.3538983","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
In serverless computing, applications are composed of stand-alone microservices that are invoked and scale up independently. Peer-to-peer protocols can be used to enable decentralized communication among the services that compose each application. This paper presents Themis, a framework for secure service-to-service interaction targeting these environments and the underlying service mesh architectures. Themis builds on a notion of decentralized identity management to allow confidential and authenticated service-to-service interaction without the need for a centralized certificate authority. Themis adopts a layered architecture. Its lower layer forms a core communication protocol pair that offers strong security guarantees without depending on a centralized point of authority. Building on this pair, an upper layer provides a series of actions related to communication and identifier management—e.g., store, find, and join. This paper analyzes the security properties of Themis’s protocol suite and shows how it provides a decentralized and flexible communication platform. The evaluation of our Themis prototype targeting serverless applications written in JavaScript shows that these security benefits come with small runtime latency and throughput overheads, and modest startup overheads.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
