Advertisement

Low-Level Exploitation Mitigation by Diverse Microservices

  • Christian OtterstadEmail author
  • Tetiana Yarygina
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10465)

Abstract

This paper discusses a combination of isolatable microservices and software diversity as a mitigation technique against low-level exploitation; the effectiveness and benefits of such an architecture are substantiated. We argue that the core security benefit of microservices with diversity is increased control flow isolation. Additionally, a new microservices mitigation technique leveraging a security monitor service is introduced to further exploit the architectural benefits inherent to microservice architectures.

Keywords

Security Software diversity Design patterns Robustness 

References

  1. 1.
    Zimmermann, O.: Microservices tenets: agile approach to service development and deployment. Comput. Sci. Res. Dev. 32(3–4), 301–310 (2017)CrossRefGoogle Scholar
  2. 2.
    Dragoni, N., Giallorenzo, S., Lluch-Lafuente, A., Mazzara, M., Montesi, F., Mustafin, R., Safina, L.: Microservices: yesterday, today, and tomorrow. CoRR abs/1606.04036 (2016). http://arxiv.org/abs/1606.04036
  3. 3.
    Newman, S.: Building Microservices. O’Reilly Media, Sebastopol (2015)Google Scholar
  4. 4.
    Fetzer, C.: Building critical applications using microservices. IEEE Secur. Priv. 14(6), 86–89 (2016)CrossRefGoogle Scholar
  5. 5.
    Lysne, O., Hole, K.J., Otterstad, C., Ytrehus, Ø., Aarseth, R., Tellnes, J.: Vendor malware: detection limits and mitigation. Computer 49(8), 62–69 (2016)CrossRefGoogle Scholar
  6. 6.
    Richardson, C., Smith, F.: Microservices from Design to Deployment. NGINX, Inc. (2016)Google Scholar
  7. 7.
    Montesi, F., Weber, J.: Circuit breakers, discovery, and API gateways in microservices. CoRR abs/1609.05830 (2016). http://arxiv.org/abs/1609.05830
  8. 8.
    Hole, K.J.: Anti-fragile ICT Systems. Simula SpringerBriefs on Computing. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-30070-2 CrossRefGoogle Scholar
  9. 9.
    Sassaman, L., Patterson, M.L., Bratus, S., Shubina, A.: The halting problems of network stack insecurity. Login 36(6), 22–32 (2011)Google Scholar
  10. 10.
    Homescu, A., Jackson, T., Crane, S., Brunthaler, S., Larsen, P., Franz, M.: Large-scale automated software diversity - program evolution redux. IEEE Trans. Dependable Secure Comput. 14, 158–171 (2015)CrossRefGoogle Scholar
  11. 11.
    Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-Tuong, A., Hiser, J.: N-variant systems a secretless framework for security through diversity (2006)Google Scholar
  12. 12.
    Partridge, D., Krzanowski, W.: Software diversity: practical statistics for its measurement and exploitation. Inf. Softw. Technol. 39(10), 707–717 (1997)CrossRefGoogle Scholar
  13. 13.
    Jackson, T., Salamat, B., Homescu, A., Manivannan, K., Wagner, G., Gal, A., Brunthaler, S., Wimmer, C., Franz, M.: Compiler-generated software diversity. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds.) Moving Target Defense. Advances in Information Security, vol. 54, pp. 77–98. Springer, New York (2011)CrossRefGoogle Scholar
  14. 14.
    Ormandy, T.: Fireeye exploitation: project zero’s vulnerability of the beast. https://googleprojectzero.blogspot.no/2015/12/fireeye-exploitation-project-zeros.html. Accessed 7 Feb 2017

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. 1.Department of InformaticsUniversity of BergenBergenNorway

Personalised recommendations