Cristel Pelsser

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Loïc Miller , Pascal Mérindol , Antoine Gallais and Cristel Pelsser

IEEE International Conference on High Perfor- mance Switching and Routing Conference (HPSR) June 2021

Featured image for Towards Secure and Leak-Free Workflows Using Microservice Isolation

data leak data breach workflow microservices authorization security

Abstract

Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry. Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization.

Publication Details

Publication Type: Conference Paper
Publication Date: June 2021
Published In: IEEE International Conference on High Perfor- mance Switching and Routing Conference (HPSR)
Digital Object Identifier (DOI): 10.1109/hpsr52026.2021.9481820
External Link: http://icube-publis.unistra.fr/4-MMGP21

BibTeX Citation

@inproceedings{Miller2021,
	title        = {Towards Secure and Leak-Free Workflows Using Microservice Isolation},
	author       = {Miller, Loïc and Mérindol, Pascal and Gallais, Antoine and Pelsser, Cristel},
	year         = 2021,
	month        = jun,
	booktitle    = {IEEE International Conference on High Perfor- mance Switching and Routing Conference (HPSR)},
	doi          = {10.1109/hpsr52026.2021.9481820},
	url          = {http://icube-publis.unistra.fr/4-MMGP21},
	abstract     = {Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry. Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization.},
	groups       = {International Conferences},
	keywords     = {data leak, data breach, workflow, microservices, authorization, security},
	x-international-audience = {Yes},
	x-language   = {EN}
}

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Abstract

Publication Details

BibTeX Citation

Related publications

Verification of Cloud Security Policies

Protection contre les fuites de données : un environnement micro-services sécurisé

De l’Utilisation des Métagraphes pour la Vérification de Politiques de Sécurité

The Forest Behind the Tree: Revealing Hidden Smart Home Communication Patterns

Related publications

Verification of Cloud Security Policies

Loïc Miller, Pascal Mérindol, and Antoine Gallais, et al.

IEEE International Conference on High Performance Switching and Routing Conference (HPSR), 2021

Protection contre les fuites de données : un environnement micro-services sécurisé

Loïc Miller, Pascal Mérindol, and Antoine Gallais, et al.

CoRes, 2021

De l’Utilisation des Métagraphes pour la Vérification de Politiques de Sécurité

Loïc Miller, Pascal Mérindol, and Antoine Gallais, et al.

AlgoTel, 2021

The Forest Behind the Tree: Revealing Hidden Smart Home Communication Patterns

François De Keersmaeker, Rémi Van Boxem, and Cristel Pelsser, et al.

Proceedings of the 33rd IEEE International Conference on Network Protocols (ICNP '25), 2025