Securing Workflows Using the Microservices Architecture


Ongoing efforts in the security community have tried to achieve desirable security properties, such as secure data at rest and in transport, policy enforcement, and data leak prevention for many years. Those efforts culminated in the design of security protocols and infrastructures such as the Transport Security Layer (TLS) protocol, or the Public Key Infrastructure, as well as policy enforcement mechanisms such as the eXtensible Access Control Markup Language (XACML), Access Control Lists (ACLs), firewall rules and many more. All those security mechanisms quickly become very hard to configure, manage and monitor, as well as losing flexibility over time, especially in the context of a workflow. In addition to the complexity of such a system, data leaks occur more and more often. Those leaks are perceived as huge losses of money for businesses like the movie industry, and must be prevented in order to achieve a truly secure workflow system. In order to achieve all those desirable security properties, we turn to the world of microservices, which can provide us with all those security benefits while maintaining a streamlined design and flexibility. This containerized environment allows service streamlining, while container orchestrators and service meshes allow us to create and manage identities and policies, as well as having a flexible telemetry system in the form of tracing, monitoring and logging. One thing the microservice architecture does not solve is the verification of the correctness of policies, a problem we are aiming to demonstrate and solve. This work presents how the microservice architecture can help us achieve a secure and leak-free workflow.

Jun 20, 2019 13:00 — Jun 20, 2020 14:30
292 rue Saint-Martin
75003 Paris