The service mesh has become the de-facto application services infrastructure for cloud-native applications. It enables the various runtime functions (network connectivity, access control etc.) of an application through proxies which thus form the data plane of the service mesh. Depending upon the distribution of the network layer functions (L4 & L7) and the granularity of association of the proxies to individual services/computing nodes, different proxy models or data plane architectures have emerged. The purpose of this document is to develop a threat profile for each of the data plane architectures through a detailed threat analysis in order to make recommendations for their applicability (usage) for cloud-native applications with different security risk profiles.
The service mesh has become the de-facto application services infrastructure for cloud-native applications. It enables the various runtime functions (network connectivity, access control etc.) of an application through proxies which thus form the data plane of the service mesh. Depending upon the...
See full abstract
The service mesh has become the de-facto application services infrastructure for cloud-native applications. It enables the various runtime functions (network connectivity, access control etc.) of an application through proxies which thus form the data plane of the service mesh. Depending upon the distribution of the network layer functions (L4 & L7) and the granularity of association of the proxies to individual services/computing nodes, different proxy models or data plane architectures have emerged. The purpose of this document is to develop a threat profile for each of the data plane architectures through a detailed threat analysis in order to make recommendations for their applicability (usage) for cloud-native applications with different security risk profiles.
Hide full abstract