Date Published: June 14, 2024
Comments Due: August 1, 2024 (public comment period is CLOSED)
Email Questions to:
nistir-8505-comments@nist.gov
Cloud-native applications, which are generally based on microservices-based application architecture, involve the governance of thousands of services with as many inter-service calls. In this environment, ensuring data security involves more than simply specifying and granting authorization during service requests. It also requires a comprehensive strategy to categorize and analyze data access and leakage as data travels across various protocols (e.g., gRPC, REST-based), especially within ephemeral and scalable microservices implemented as containers.
Hence, in addition to techniques for protecting data at rest (e.g., regular expressions), it has become essential to develop in-transit data categorization that performs real-time data analysis to actively monitor and secure data as it moves across services and network protocols. This IR outlines a practical framework for effective data protection using the capabilities of WebAssembly (WASM) — a platform-agnostic, in-proxy approach with compute and traffic processing capabilities (in-line, network traffic analysis at layers 4–7) that can be built and deployed to execute at native speed in a sandboxed and fault-tolerant manner.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
None selected
Publication:
https://doi.org/10.6028/NIST.IR.8505.ipd
Download URL
Supplemental Material:
None available
Document History:
06/14/24: IR 8505 (Draft)
09/30/24: IR 8505 (Final)