Towards Secure and Leak-Free Workflows Using Microservice Isolation
Loïc Miller, Pascal Mérindol, Antoine Gallais, Cristel Pelsser

TL;DR
This paper proposes a microservice-based infrastructure to enforce secure, leak-free workflows aligned with zero-trust principles, effectively preventing data exposure and demonstrating resilience against targeted attacks.
Contribution
It introduces a novel microservice isolation approach for enforcing owner policies in workflows, enhancing security and leak prevention in data-sensitive processes.
Findings
The infrastructure effectively enforces owner policies in workflows.
The system is resilient to the considered attack models.
Overhead costs for authorization are manageable.
Abstract
Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry. Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the…
