MicroGuard: Non-Intrusive Dynamic Analysis for Inter-Service Access Control of Microservices
Cloud-native systems enable high scalability for application development and deployment with loosely coupled microservices that interact over the network, but they also introduce security risks, potentially leading to unauthorized inter-service access. To mitigate such risks, existing approaches rely on manual policy configuration or static code analysis. However, these methods are time-consuming for policy maintenance, require code availability, and fail to support access control for hidden service invocations. To address these limitations, we propose MicroGuard, an access control system that automatically generates and enforces access control policies in microservices. During microservice development and testing, MicroGuard captures and analyzes inter-service communication packets to identify hidden runtime service invocations. MicroGuard leverages a bidirectional prefix tree (Trie) and pre-trained language models to extract comprehensive access control policies. During execution of microservice systems, MicroGuard enforces these policies to detect and block unauthorized access requests. Our experimental results show that MicroGuard effectively captures and rejects all unauthorized attempts, introducing an average processing delay of only 2% to the original response time of microservice systems.
Sat 21 Jun. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
11:00 - 13:00 | Session 4: Code Optimization and Software Architecture | Research Track at Cosmos 3A | Chair(s): Changhai Nie (Nanjing University)
11:00 | 15m Talk | Take Kernel Stack Overhead Out: eBPF-Enhanced Network Acceleration for Distributed Training within Ethernet | Research Track | Zhenyu Zhang (School of Computer Science and Engineering, Sun Yat-sen University), Pengfei Chen (Sun Yat-sen University), Guangba Yu (School of Computer Science and Engineering, Sun Yat-sen University), Zilong He (Sun Yat-sen University), Xiaoyun Li (Sun Yat-sen University)
11:15 | 15m Talk | Exploiting Booster Pass Chain for Compiler Phase Ordering | Research Track | Yihan Chen, Huanhuan Chen (Nanjing University), Yuan Yao (Nanjing University), Ping Yu (Nanjing University), Feng Xu (Nanjing University), Xiaoxing Ma (Nanjing University)
11:30 | 15m Talk | DeFS: A Decentralized and High-Performance File System for Consortium Systems | Research Track | Yitong Cheng (Shanghai Jiao Tong University), Shenglong Zhao (Shanghai Jiao Tong University), Yang Yu (Shanghai Jiao Tong University, China), Zhichao Hua (Shanghai Jiao Tong University)
11:45 | 15m Talk | Proteus: An Automatical High-Efficiency Framework for Generating Compact and Printable Shellcode on ARMv8 | Research Track | Jian Lin (Information Engineering University), Guoan Liu (Information Engineering University), Rui Chang (Zhejiang University), Ruimin Wang (Information Engineering University)
12:00 | 15m Talk | Modeling Go Concurrency: A Static Analysis Approach to Data Race Detection | Research Track | Fengjuan Gao (Nanjing University of Science and Technology), Mumu Zhang (Nanjing University), Zixiao Zhao (Nanjing University), Yu Wang (Nanjing University), Xuandong Li (Nanjing University)
12:15 | 15m Talk | RABBIT: Managing Hierarchical Memory with Intelligent Tiering Aware Deduplication | Research Track
12:30 | 15m Talk | DPCapsule: A Decentralized Private Computing System With Self-Controlled Data | Research Track | Yitong Cheng (Shanghai Jiao Tong University), Yang Yu (Shanghai Jiao Tong University, China), Zhichao Hua (Shanghai Jiao Tong University)
12:45 | 15m Talk | MicroGuard: Non-Intrusive Dynamic Analysis for Inter-Service Access Control of Microservices | Research Track | Haoming Luo (School of Computer Science and Engineering, Sun Yat-sen University), Wanqi Yang (Sun Yat-sen University), Pengfei Chen (Sun Yat-sen University)
Cosmos 3A is the first room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.