NIST has published Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, which performs a detailed threat analysis of the various proxy models in the service mesh architecture of cloud-native applications in order to develop a threat profile and provide recommendations on their applicability.
Proxies constitute the data plane of a service mesh, which forms the application services architecture for cloud-native applications implemented as a group of microservices. Depending on how the network-layer functions (i.e., L4 and L7) are distributed and on the granularity with which proxies are associated with individual services or computing nodes, different data plane architectures have emerged.
The purposes of this document are two-fold: