Enforcing Identification and Authentication Policies at Scale in a Cloud Microservices Architecture
As cloud adoption increases, cloud providers are competing to build more robust and secure platforms to keep growing and attract more users by ensuring their data is highly available but not susceptible to malicious attacks. Many cloud platforms are distributed systems based on a microservices archi...
Main Author: | Sinha, Varnika |
---|---|
Other Authors: | Alizadeh, Mohammad |
Format: | Thesis |
Published: | Massachusetts Institute of Technology, 2024 |
Online Access: | https://hdl.handle.net/1721.1/156983 https://orcid.org/0009-0002-6015-4303 |
_version_ | 1824457943946362880 |
---|---|
author | Sinha, Varnika |
author2 | Alizadeh, Mohammad |
collection | MIT |
description | As cloud adoption increases, cloud providers are competing to build more robust and secure platforms to keep growing and attract more users by ensuring their data is highly available but not susceptible to malicious attacks. Many cloud platforms are distributed systems based on a microservices architecture where many services communicate with one another. Communication among services should be authenticated to implement security in depth and not just rely on the security of networks and infrastructure. However, these services can be on the order of hundreds or thousands, which increases the number of specialized secrets needed to provide authentication. This means that systems like these involve a large number of secrets. These large numbers of secrets are hard to manage and track in the case of exposure, which leads to a risk of misconfiguration and leaks. We implement a framework that accounts for these secrets by managing the creation, rotation, and deletion in accordance with the existing architecture of the platform with a Kubernetes custom resource and controller and ensure that a secret with the correct permissions is always present when needed. |
format | Thesis |
id | mit-1721.1/156983 |
institution | Massachusetts Institute of Technology |
publishDate | 2024 |
publisher | Massachusetts Institute of Technology |
record_format | dspace |
spelling | mit-1721.1/1569832024-09-25T03:59:34Z Enforcing Identification and Authentication Policies at Scale in a Cloud Microservices Architecture Sinha, Varnika Alizadeh, Mohammad Belsky, David Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science As cloud adoption increases, cloud providers are competing to build more robust and secure platforms to keep growing and attract more users by ensuring their data is highly available but not susceptible to malicious attacks. Many cloud platforms are distributed systems based on a microservices architecture where many services communicate with one another. Communication among services should be authenticated to implement security in depth and not just rely on the security of networks and infrastructure. However, these services can be on the order of hundreds or thousands, which increases the number of specialized secrets needed to provide authentication. This means that systems like these involve a large number of secrets. These large numbers of secrets are hard to manage and track in the case of exposure, which leads to a risk of misconfiguration and leaks. We implement a framework that accounts for these secrets by managing the creation, rotation, and deletion in accordance with the existing architecture of the platform with a Kubernetes custom resource and controller and ensure that a secret with the correct permissions is always present when needed. M.Eng. 2024-09-24T18:24:51Z 2024-09-24T18:24:51Z 2024-05 2024-07-11T14:37:32.236Z Thesis https://hdl.handle.net/1721.1/156983 https://orcid.org/0009-0002-6015-4303 Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) Copyright retained by author(s) https://creativecommons.org/licenses/by-nc-nd/4.0/ application/pdf Massachusetts Institute of Technology |
title | Enforcing Identification and Authentication Policies at Scale in a Cloud Microservices Architecture |
url | https://hdl.handle.net/1721.1/156983 https://orcid.org/0009-0002-6015-4303 |