A Security Service for Performance-Aware End-to-End Protection of Sensitive Data in Cloud Native Applications

The characteristics of cloud native applications — like decentralized architectures, high automation, and dynamic and interconnected microservices — bring forth a number of security challenges across both architectural design and lifecycle management. Some prominent challenges are authentication and authorization, real-time detection of security incidents, network security, microservice (as well as container) security, and, especially, data security. An ecosystem of security mechanisms already exists and provides excellent solutions addressing these challenges throughout the developing and operating of cloud native applications: identity and access management, monitoring and logging, intrusion prevention and detection systems, vulnerabilities assessment and hardening, and cryptography, to mention a few. Nonetheless, despite the availability of such a rich ecosystem, some cloud native applications entail additional considerations linked to the aforementioned challenges — and, in particular, to data security — which may need to be contemplated when evaluating the adoption of security mechanisms and their effectiveness. First, the level of trust assigned to participating parties within the scope of some cloud native applications is inherently limited — e.g., those aligning with the well-known security-by-design and zero trust principles. These cloud native applications confront a multifaceted threat landscape that extends beyond external attackers by including malicious insiders and honest-but-curious cloud providers which threaten the confidentiality and integrity of the (often sensitive) data managed by cloud native applications. Moreover, cloud native applications are frequently deployed in resource-constrained environments — e.g., the Internet of Things (IoT) — or operate in delicate fields (e.g., eHealth, automotive) offering critical functions (e.g., remote monitoring, cooperative vehicle maneuvering) where the quality of service may suffer from computationally or network heavy security mechanisms. In other words, security is not absolute, and its achievement must instead be balanced with that of performance requirements relevant to the underlying cloud native applications — e.g., low latency, minimal bandwidth utilization, and high scalability — underscoring the necessity for nuanced security mechanisms that are mindful of performance aspects. Therefore, in this thesis, we propose a security service addressing the convoluted dynamics of data security in cloud native applications. Our security service comprises four security mechanisms — namely CryptoAC, ACE and ACME, and MOMO — which implement the actual contributions of this thesis as we describe below. First, the threat model of cloud native applications requires preventing unauthorized access to data while offering strong guarantees of data confidentiality and integrity. To this end, we consider the use of cryptography to enforce Access Control (AC) policies — a combination usually called Cryptographic Access Control (CAC) — and propose the design of two CAC schemes, compatible with the aforementioned characteristics, for the end-to-end (E2E) protection of data both in transit and at rest in cloud native applications. We implement both CAC schemes — one for Role-Based Access Control (RBAC) and one Attribute-Based Access Control (ABAC) — into CryptoAC , discuss its security, and conduct a thorough performance evaluation. Then, we propose a methodology for evaluating the performance of generic AC enforcement mechanisms — hence, applicable to both CAC and centralized AC — starting from realistic workloads expressed as Business Process Model and Notation (BPMN) workflows. In detail, our methodology comprises a procedure deriving sequences of AC requests (e.g., access data, distribute permission) which are representative of the scenarios in which a cloud native application is deployed, and an evaluator executing these sequences against the AC enforcement mechanisms under test; we implement the procedure and the evaluator into ACE and ACME, respectively. Finally, we define an architectural model that identifies the common base building blocks of CAC over which we formalize a Multi-Objective Combinatorial Optimization Problem (MOCOP) to balance the achievement of security and performance in cloud native applications. Consequently, we implement an algorithm to solve the aforementioned MOCOP in MOMO, for which we provide both a conceptual application and a proof-of-concept application.