Enforcing Identification and Authentication Policies at Scale in a Cloud Microservices Architecture

• dc.contributor.advisor: Alizadeh, Mohammad
• dc.contributor.advisor: Belsky, David
• dc.contributor.author: Sinha, Varnika
• dc.date.issued: 2024-05
• dc.date.submitted: 2024-07-11T14:37:32.236Z
• dc.identifier.uri: https://hdl.handle.net/1721.1/156983
• dc.description.abstract: As cloud adoption increases, cloud providers are competing to build more robust and secure platforms to keep growing and attract more users by ensuring their data is highly available but not susceptible to malicious attacks. Many cloud platforms are distributed systems based on a microservices architecture where many services communicate with one another. Communication among services should be authenticated to implement security in depth and not just rely on the security of networks and infrastructure. However, these services can be on the order of hundreds or thousands, which increases the number of specialized secrets needed to provide authentication. This means that systems like these involve a large number of secrets. These large numbers of secrets are hard to manage and track in the case of exposure, which leads to a risk of misconfiguration and leaks. We implement a framework that accounts for these secrets by managing the creation, rotation, and deletion in accordance with the existing architecture of the platform with a Kubernetes custom resource and controller and ensure that a secret with the correct permissions is always present when needed.
• dc.publisher: Massachusetts Institute of Technology
• dc.type: Thesis
• dc.description.degree: M.Eng.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.identifier.orcid: https://orcid.org/0009-0002-6015-4303
• mit.thesis.degree: Master
• thesis.degree.name: Master of Engineering in Electrical Engineering and Computer Science