Integrity Protection Against Insiders in Microservice-Based Infrastructures: From Threats to a Security Framework

  • Mohsen Ahmadvand
  • Alexander Pretschner
  • Keith Ball
  • Daniel Eyring
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11176)


Building microservices involves continuous modifications at design, deployment, and run times. The DevOps notion together with the “you built it, you run it” paradigm often result in a much larger number of developers with direct access to the production pipeline than in the case of monolithic systems. Reproducible builds and continuous delivery entail practices that further worsen this situation as they grant insiders with indirect accesses (scripted processes) to production machines. Moreover, managing microservices is heavily aided by governance tools (such as Kubernetes) that are configured and controlled by insiders. In this setting, accounting for malicious insiders quickly becomes a major concern. In this paper, we identify representative integrity threats to microservice-based systems in the broader context of a development process by analyzing real-world microservice-based systems. We show that even end-to-end encryption may fall short without adequate integrity protections. From the identified threats, we then derive a set of security requirements for holistic protection. Finally, we propose a framework that serves as a blueprint for insider-resistant integrity protection in microservices.


  1. 1.
    Ahmadvand, M., Ibrahim, A.: Requirements reconciliation for scalable and secure microservice (de)composition. In: 2016 IEEE 3rd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). IEEE (2016)Google Scholar
  2. 2.
    Ahmadvand, M., Pretschner, A., Kelbert, F.: A taxonomy of software integrity protection techniques. In: Advances in Computers. Elsevier (2018)Google Scholar
  3. 3.
    Ahmadvand, M., Scemama, A., Ochoa, M., Pretschner, A.: Enhancing operation security using secret sharing. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016), pp. 446–451. INSTICC/SciTePress (2016)Google Scholar
  4. 4.
    Arnautov, S., et al.: SCONE: secure linux containers with intel SGX. In: 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), vol. 16, pp. 689–703. USENIX Association, Savannah, GA (2016)Google Scholar
  5. 5.
    Banescu, S., Pretschner, A., Battré, D., Cazzulani, S., Shield, R., Thompson, G.: Software-based protection against changeware. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 231–242. ACM (2015)Google Scholar
  6. 6.
    Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with Haven. ACM Trans. Comput. Syst. (TOCS) 33(3), 8 (2015)CrossRefGoogle Scholar
  7. 7.
    Brenner, S., Hundt, T., Mazzeo, G., Kapitza, R.: Secure cloud micro services using Intel SGX. In: Chen, L.Y., Reiser, H.P. (eds.) DAIS 2017. LNCS, vol. 10320, pp. 177–191. Springer, Cham (2017). Scholar
  8. 8.
    Callegati, F., Giallorenzo, S., Melis, A., Prandini, M.: Cloud-of-things meets mobility-as-a-service: an insider threat perspective. Comput. Secur. 74, 277–295 (2018)CrossRefGoogle Scholar
  9. 9.
    Collberg, C.S., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation-tools for software protection. IEEE Trans. Softw. Eng. 28(8), 735–746 (2002)CrossRefGoogle Scholar
  10. 10.
    Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive 2016:86 (2016)Google Scholar
  11. 11.
    Dewan, P., Durham, D., Khosravi, H., Long, M., Nagabhushan, G.: A hypervisor-based system for protecting software runtime memory and persistent storage, pp. 828–835. Society for Computer Simulation International (2008)Google Scholar
  12. 12.
    Dragoni, N., et al.: Microservices: yesterday, today, and tomorrow. Present and Ulterior Software Engineering, pp. 195–216. Springer, Cham (2017). Scholar
  13. 13.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: ACM SIGOPS Operating Systems Review, vol. 37, pp. 193–206. ACM (2003)CrossRefGoogle Scholar
  14. 14.
    Jakobsson, M., Johansson, K.-A.: Practical and secure software-based attestation. In: 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols and Applications (LightSec), pp. 1–9. IEEE (2011)Google Scholar
  15. 15.
    Jin, H., Lotspiech, J.: Forensic analysis for tamper resistant software. In: 14th International Symposium on Software Reliability Engineering, ISSRE 2003, pages 133–142. IEEE (2003)Google Scholar
  16. 16.
    Kalske, M., Mäkitalo, N., Mikkonen, T.: Challenges when moving from monolith to microservice architecture. In: Garrigós, I., Wimmer, M. (eds.) ICWE 2017. LNCS, vol. 10544, pp. 32–47. Springer, Cham (2018). Scholar
  17. 17.
    Kandias, M., Virvilis, N., Gritzalis, D.: The insider threat in cloud computing. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 93–103. Springer, Heidelberg (2013). Scholar
  18. 18.
    Liang, X., Shetty, S., Zhang, L., Kamhoua, C., Kwiat, K.: Man in the cloud (MITC) defender: SGX-based user credential protection for synchronization applications in cloud computing platform. In: 2017 IEEE 10th International Conference on Cloud Computing (CLOUD), pp. 302–309, June 2017Google Scholar
  19. 19.
    Lind, J., et al.: Glamdring: automatic application partitioning for Intel SGX. In: 2017 USENIX Annual Technical Conference (USENIX ATC 17), Santa Clara, CA, pp. 285–298. USENIX Association (2017)Google Scholar
  20. 20.
    Martignoni, L., Paleari, R., Bruschi, D.: Conqueror: tamper-proof code execution on legacy systems. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 21–40. Springer, Heidelberg (2010). Scholar
  21. 21.
    Neisse, R., Holling, D., Alexander, P.: Implementing trust in cloud infrastructures. In: Proceedings of the 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, pp. 524–533. IEEE Computer Society (2011)Google Scholar
  22. 22.
    Salem, M.B., Hershkop, S., Stolfo, S.J.: A survey of insider attack detection research. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds.) Insider Attack and Cyber Security, vol. 39, pp. 69–90. Springer, US, Boston (2008). Scholar
  23. 23.
    Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, Hot-Cloud 2009, Berkeley, CA, USA. USENIX Association (2009)Google Scholar
  24. 24.
    Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)CrossRefGoogle Scholar
  25. 25.
    Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. ACM SIGOPS Oper. Syst. Rev. 39, 1–16 (2005)CrossRefGoogle Scholar
  26. 26.
    De Sutter, B., et al.: A reference architecture for software protection, pp. 291–294, April 2016Google Scholar
  27. 27.
    Zawoad, S., Dutta, A.K., Hasan, R.: SecLaaS: secure logging-as-a-service for cloud forensics. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013, pp. 219–230. ACM, New York (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Mohsen Ahmadvand
    • 1
  • Alexander Pretschner
    • 1
  • Keith Ball
    • 2
  • Daniel Eyring
    • 2
  1. 1.Technical University of MunichMunichGermany
  2. 2.Brabbler AG.MunichGermany

Personalised recommendations