Kennedy Torkura
2 min read · Oct 9, 2018

Microservices Security: Employing Moving Target Defenses to Harden Security

Microservice Architectures (MSA) consist of several autonomous, loosely coupled, polyglot components (microservices) operating jointly as an application. The key advantages of MSA include inherent support for continuous deployment of large, complex applications, agility and enhanced productivity; consequently, microservices are rapidly gaining massive attention. The microservice architectural style supports polyglot persistence as well as the use of diverse programming languages for the business logic. Polyglot persistence is widely practiced since it affords flexible deployment of different database types. Conversely, polyglot programming models are not favored, due to the complexity of managing multiple technologies. Instead, homogeneous microservices are more prevalent and preferred, mainly for simplicity. However, this simplicity introduces homogeneity and, with it, security issues: vulnerabilities that affect base images (shared libraries and packages) are directly inherited across the entire application.

The security implications of shared vulnerabilities have been investigated in the past, e.g. the vulnerabilities shared between two Mozilla products, Firefox and Thunderbird, due to their common codebases and libraries. MSA that are homogeneous, i.e. composed of microservice instances built from identical base images, are thus vulnerable to multi-step, correlated attacks that exploit the recurrence of the same vulnerabilities in multiple microservices.

Figure 1 : Multi-step attacks against a homogeneous microservice.

For example, an attacker might exploit an XSS vulnerability in the API Gateway of the PetClinic microservice application, illustrated in step 1 of Figure 1. Assuming the exploit affords him control over the API Gateway, the attacker might thereafter attack the Customers service (step 2), and subsequently replay the same attack (steps 3 and 4) against the Visits and Vets services with the same success rate. These attacks succeed because the same image is used to build all PetClinic microservices, which amounts to inheritance of vulnerabilities across the entire application.

A possible counter-measure against the aforementioned challenge is the employment of Moving Target Defenses (MTD). MTD are techniques that transform specified system components to create uncertainty for attackers, thereby reducing the probability of successful attacks (i.e. attackability). We have proposed a cyber risk-based MTD approach for addressing these challenges in our paper, which has been accepted at the 16th IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA 2018).
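To make the attack chain of Figure 1 and the effect of an MTD transformation concrete, here is a small Python model added to this post (it is not code from the paper or from PetClinic): it replays a single exploit along the gateway → Customers → Visits → Vets path and measures how far the chain gets when all services share one base image versus when images are diversified and rotated. The image names and vulnerability ids are constructed placeholders, not real identifiers.

```python
"""Model the multi-step attack of Figure 1 and measure attackability
under homogeneous vs. diversified base images (MTD transformation)."""

# Constructed sample data: vulnerabilities carried by each candidate
# base image. Ids are placeholders, not real CVEs.
IMAGE_VULNS = {
    "img-A": {"VULN-1", "VULN-2"},
    "img-B": {"VULN-2", "VULN-3"},
    "img-C": {"VULN-4"},
}

# Attack path from Figure 1: API Gateway, then Customers, Visits, Vets.
ATTACK_PATH = ["api-gateway", "customers", "visits", "vets"]


def homogeneous_deployment(image, services=ATTACK_PATH):
    """The status quo: every service built from the same base image."""
    return {svc: image for svc in services}


def diversified_deployment(images, services=ATTACK_PATH, shift=0):
    """Round-robin assignment of distinct images. `shift` rotates the
    assignment, modelling a periodic MTD re-deployment that moves targets."""
    return {svc: images[(i + shift) % len(images)] for i, svc in enumerate(services)}


def replay_chain(deployment, vuln, path=ATTACK_PATH):
    """Replay one exploit along the path. A step succeeds only if the
    target's image inherits the vulnerability; the chain breaks at the
    first service whose image does not. Returns the compromised services."""
    reached = []
    for svc in path:
        if vuln not in IMAGE_VULNS[deployment[svc]]:
            break
        reached.append(svc)
    return reached


def attackability(deployment, path=ATTACK_PATH):
    """Worst-case fraction of the path reached by replaying the single most
    useful vulnerability present anywhere in the deployment."""
    candidates = set().union(*(IMAGE_VULNS[img] for img in deployment.values()))
    longest = max((len(replay_chain(deployment, v, path)) for v in candidates), default=0)
    return longest / len(path)


if __name__ == "__main__":
    images = ["img-A", "img-B", "img-C"]
    print("homogeneous:", attackability(homogeneous_deployment("img-A")))   # 1.0
    print("diversified:", attackability(diversified_deployment(images)))    # 0.5
    print("rotated:", attackability(diversified_deployment(images, shift=1)))  # 0.25
```

With one shared image any vulnerability in it carries the attacker through all four steps; with three images VULN-2 still crosses the gateway and Customers but stops at Visits, and a rotation of the assignment changes which path segment remains exposed.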
