TY - GEN
T1 - Back to the future
T2 - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
AU - Espinoza, Antonio M.
AU - Wood, Riley
AU - Forrest, Stephanie
AU - Tiwari, Mohit
N1 - Funding Information:
We would like to thank our anonymous reviewers for their insightful feedback. We gratefully acknowledge the partial support of the NSF (CCF 1908633, OAC 2115075, CNS 1817020, CNS 1704778), DARPA (FA8750-19C-0003, N6600120C4020), AFRL (FA8750-19-1-0501), Intel (SCAP and SRC 2965.001), and the Santa Fe Institute.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Microservices are the dominant architecture used to build internet-scale applications today. Being internet-facing, their most critical attack surfaces are the OWASP top 10 Web Application Security Risks. Many of the top 10 OWASP attack types (injection, cross-site scripting, broken access control and security misconfigurations) have persisted for many years despite major investments in code analysis and secure development patterns. Because microservices decompose monolithic applications into components using clean APIs, they lend themselves to practical application of a classic security/resilience principle, N-versioning. The paper introduces RDDR, a principled approach for applying N-versioning to microservices to improve resilience to data leaks. RDDR applies N-versioning to vulnerable microservices, requiring minimal code changes and with low performance impact beyond the cost of replicating microservices. Our evaluation demonstrates RDDR mitigating vulnerabilities of the top 5 of the top 10 OWASP types by applying diversity and redundancy to individual microservices.
KW - Microservice protection
KW - Multi variant execution
KW - N-versioning
UR - http://www.scopus.com/inward/record.url?scp=85136338478&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136338478&partnerID=8YFLogxK
U2 - 10.1109/DSN53405.2022.00049
DO - 10.1109/DSN53405.2022.00049
M3 - Conference contribution
AN - SCOPUS:85136338478
T3 - Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
SP - 415
EP - 427
BT - Proceedings - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 June 2022 through 30 June 2022
ER -