Enforcing Identification and Authentication Policies at Scale in a Cloud Microservices Architecture
Author(s)
Sinha, Varnika
Advisor
Alizadeh, Mohammad
Belsky, David
Abstract
As cloud adoption increases, cloud providers compete to build more robust and secure platforms that keep customer data highly available without leaving it exposed to malicious attacks. Many cloud platforms are distributed systems built on a microservices architecture in which many services communicate with one another. Communication among services should be authenticated in order to provide defense in depth, rather than relying solely on the security of the network and infrastructure. However, such a platform may run hundreds or thousands of services, each of which needs its own dedicated secrets for authentication. This large number of secrets is hard to manage and, in the event of exposure, hard to track, which creates a risk of misconfiguration and leaks. We implement a framework that accounts for these secrets by managing their creation, rotation, and deletion through a Kubernetes custom resource and controller that fits the platform's existing architecture, and that ensures a secret with the correct permissions is always present when it is needed.
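The abstract describes a controller that keeps a correctly scoped secret present for each service and handles its creation, rotation, and deletion. The following is an added example of what such a reconcile loop looks like; it is not code from the thesis. The `ServiceSecret` resource, its field names, the `-credential` naming convention, and the in-memory `FakeSecretStore` standing in for the Kubernetes Secret API are all assumptions made for this illustration.

```python
# Hypothetical reconcile loop for a "ServiceSecret" custom resource.
# Added example, not code from the thesis; the resource name, field names
# and in-memory store stand in for a real CRD and the Kubernetes API.
from __future__ import annotations

import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class ServiceSecret:
    """Desired state declared by a service owner (hypothetical custom resource)."""
    name: str
    namespace: str
    permissions: frozenset[str]      # scopes the issued credential must carry
    rotation_period: timedelta       # max age before the credential is reissued
    deleted: bool = False            # set when the custom resource is removed


@dataclass
class Secret:
    """Observed state: the credential actually stored in the cluster."""
    name: str
    namespace: str
    value: str
    permissions: frozenset[str]
    created_at: datetime
    owner: str                       # ServiceSecret that issued it


class FakeSecretStore:
    """In-memory stand-in for the Kubernetes Secret API (constructed for the example)."""

    def __init__(self) -> None:
        self._items: dict[tuple[str, str], Secret] = {}

    def get(self, namespace: str, name: str) -> Secret | None:
        return self._items.get((namespace, name))

    def put(self, secret: Secret) -> None:
        self._items[(secret.namespace, secret.name)] = secret

    def delete(self, namespace: str, name: str) -> None:
        self._items.pop((namespace, name), None)


def secret_name(cr: ServiceSecret) -> str:
    return f"{cr.name}-credential"   # naming convention assumed for the example


def issue(cr: ServiceSecret, now: datetime) -> Secret:
    """Mint a fresh credential carrying exactly the permissions the resource declares."""
    return Secret(
        name=secret_name(cr),
        namespace=cr.namespace,
        value=secrets.token_urlsafe(32),
        permissions=cr.permissions,
        created_at=now,
        owner=cr.name,
    )


def reconcile(cr: ServiceSecret, store: FakeSecretStore, now: datetime) -> str:
    """Drive the stored Secret toward the state the ServiceSecret declares.

    Returns the action taken so callers (and tests) can see why a write happened.
    """
    existing = store.get(cr.namespace, secret_name(cr))

    if cr.deleted:
        # Garbage-collect only secrets this resource owns; never touch a
        # same-named secret that belongs to something else.
        if existing is not None and existing.owner == cr.name:
            store.delete(cr.namespace, existing.name)
            return "deleted"
        return "noop"

    if existing is None:
        store.put(issue(cr, now))
        return "created"

    if existing.owner != cr.name:
        # Refusing to overwrite is the safe failure: a conflict is visible,
        # a silently clobbered credential is not.
        return "conflict"

    if existing.permissions != cr.permissions:
        # Permission drift means the credential is wrong even if it is fresh.
        store.put(issue(cr, now))
        return "reissued"

    if now - existing.created_at >= cr.rotation_period:
        store.put(issue(cr, now))
        return "rotated"

    return "unchanged"


def demo() -> list[str]:
    """Walk one ServiceSecret through its lifecycle; returns the actions taken."""
    t0 = datetime(2024, 5, 1, tzinfo=timezone.utc)
    store = FakeSecretStore()
    cr = ServiceSecret("billing", "payments", frozenset({"ledger:read"}), timedelta(days=30))
    actions = [reconcile(cr, store, t0), reconcile(cr, store, t0)]
    cr.permissions = frozenset({"ledger:read", "ledger:write"})   # owner widens scope
    actions.append(reconcile(cr, store, t0 + timedelta(days=1)))
    actions.append(reconcile(cr, store, t0 + timedelta(days=31)))  # 30 days since reissue
    cr.deleted = True
    actions.append(reconcile(cr, store, t0 + timedelta(days=31)))
    return actions


if __name__ == "__main__":
    print(demo())
```

The ordering of the checks is the point: ownership is verified before anything is overwritten, a permissions mismatch triggers reissue regardless of age, and age-based rotation runs last. A real controller would additionally keep the previous value valid for a short overlap window so that consumers mid-rotation do not fail; that is omitted here to keep the loop small.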
Date issued
2024-05
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology