NIST Releases SP 800-233, Service Mesh Proxy Models for Cloud-Native Applications
October 16, 2024

NIST has published Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, which performs a detailed threat analysis of the various proxy models in the service mesh architecture of cloud-native applications to develop a threat profile and provide recommendations for their applicability.

Proxies constitute the data plane of a service mesh that forms the application services architecture for cloud-native applications implemented as a group of microservices. Depending on the distribution of the network layer functions (i.e., L4 and L7) and the granularity of association of the proxies to individual services/computing nodes, different data plane architectures have emerged.

The purposes of this document are two-fold:

  1. Develop a threat profile for each of the data plane architectures by considering a set of potential threats to various proxy functions and assigning scores to the impacts and likelihoods of their exploits.
  2. Analyze the service mesh capabilities that are required for each class of cloud-native applications with different risk profiles (i.e., low, medium, and high) and provide recommendations for the data plane architectures or proxy models that are appropriate and applicable for each class.

Created October 15, 2024, Updated November 14, 2024