
Research Article
MisMesh: Security Issues and Challenges in Service Meshes
@INPROCEEDINGS{10.1007/978-3-030-63086-7_9,
  author={Dalton A. Hahn and Drew Davidson and Alexandru G. Bardas},
  title={MisMesh: Security Issues and Challenges in Service Meshes},
  proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2020},
  month={12},
  keywords={Service mesh DevOps Containers Consul Istio Linkerdv2},
  doi={10.1007/978-3-030-63086-7_9}
}
- Dalton A. Hahn
- Drew Davidson
- Alexandru G. Bardas
Year: 2020
SECURECOMM
Springer
DOI: 10.1007/978-3-030-63086-7_9
Abstract
Service meshes have emerged as an attractive DevOps solution for collecting, managing, and coordinating microservice deployments. However, current service meshes leave fundamental security mechanisms missing or incomplete. The security burden means service meshes may actually cause additional workload and overhead for administrators over traditional monolithic systems. By assessing the effectiveness and practicality of service mesh tools, this work provides necessary insights into the available security of service meshes. We evaluate service meshes under skilled administrators (who deploy optimal configurations of available security mechanisms) and default configurations. We consider a comprehensive set of adversarial scenarios, uncover design flaws contradicting system goals, and present limitations and challenges encountered in employing service mesh tools for operational environments.