Informatics and Applications
2022, Volume 16, Issue 4, pp 87-92
ABOUT THE SECURE ARCHITECTURE OF A MICROSERVICE-BASED COMPUTING SYSTEM
- A. A. Grusho
- N. A. Grusho
- M. I. Zabezhailo
- D. V. Smirnov
- E. E. Timonina
- S. Ya. Shorgin
Abstract
The paper discusses a system with a network-centric microservice architecture in which, for simplicity, all microservice computers are identical. Each microservice computer may fail or receive malicious code. The maximum negative impact on a microservice computer is a calculation error and the delivery of a wrong result to the consumer. Two tasks are considered: detecting failed microservice computers and detecting microservice computers with malicious code. Elements of training are used to solve these tasks. Correctly solved problems (conditions, source data, and correct answers) are accumulated in the memory of the control system. This means that one can restart any task with an already known correct result. At the same time, the article uses the ideas and results of the present authors on ensuring information security with the use of metadata. Depending on the assumptions about the possible actions of malicious code, two classes of secure computing algorithms are built in the context of its possible impact on intermediate results in the flow of solved problems. The second class of algorithms works under the assumption that malicious code can correctly calculate the solution to the current problem with probability p and introduce a distortion into the result with probability 1 - p. The authors consider three types of distortions that malicious code can introduce and that allow one to find the true solution either accurately or with a low probability of error.
About this article
Cover Date
2022-12-30
DOI
10.14357/19922264220413
Print ISSN
1992-2264
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
information security; secure computing under malicious code conditions; microservice architecture
Authors
A. A. Grusho, N. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina, and S. Ya. Shorgin
Author Affiliations
Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Sberbank of Russia, 19 Vavilov Str., Moscow 117999, Russian Federation