MisMesh: Security Issues and Challenges in Service Meshes

• Published in: Security and Privacy in Communication Networks Vol. 335; pp. 140 - 151
• Main Authors: Hahn, Dalton A., Davidson, Drew, Bardas, Alexandru G.
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 01.01.2020; Springer International Publishing
• Series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
• Subjects: Consul; Containers; DevOps; Istio; Linkerdv2; Service mesh
• ISBN: 9783030630850; 3030630854
• ISSN: 1867-8211; 1867-822X
• DOI: 10.1007/978-3-030-63086-7_9

Service meshes have emerged as an attractive DevOps solution for collecting, managing, and coordinating microservice deployments. However, current service meshes leave fundamental security mechanisms missing or incomplete. The security burden means service meshes may actually cause additional workload and overhead for administrators over traditional monolithic systems. By assessing the effectiveness and practicality of service mesh tools, this work provides necessary insights into the available security of service meshes. We evaluate service meshes under skilled administrators (who deploy optimal configurations of available security mechanisms) and default configurations. We consider a comprehensive set of adversarial scenarios, uncover design flaws contradicting system goals, and present limitations and challenges encountered in employing service mesh tools for operational environments.