Securing Workflows Using Microservices and Metagraphs †
1
ICube, University of Strasbourg, 67081 Strasbourg, France
2
LAMIH, CNRS, UMR 8201, Université Polytechnique Hauts-de-France, INSA Hauts-de-France, 59313 Valenciennes, France
*
Author to whom correspondence should be addressed.
†
This paper is an extended version of our paper published in IEEE 22nd International Conference on High-Performance Switching and Routing (HPSR 2021), Paris, France, 7–10 June 2021.
Academic Editor: Vijayakumar Varadarajan
Electronics 2021, 10(24), 3087; https://doi.org/10.3390/electronics10243087
Received: 14 November 2021
/
Revised: 5 December 2021
/
Accepted: 8 December 2021
/
Published: 11 December 2021
(This article belongs to the Special Issue Advances in Communications Software and Services)
Companies such as Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured. In this paper, we first show how those workflows can be deployed and enforced while preventing data exposure. Second, this paper provides a global framework to enable the verification of workflow policies. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture to enforce owner policy. We implement a workflow with our infrastructure in a publicly available proof of concept. This work allows us to verify that the specified policy is correctly enforced by testing the deployment for policy violations, and find the overhead cost of authorization to be reasonable for the benefits. In addition, this paper presents a way to verify policies using a suite of tools transforming and checking policies as metagraphs. It is evident from the results that our verification method is very efficient regarding the size of the policies. Overall, this infrastructure and the mechanisms that verify the policy is correctly enforced, and then correctly implemented, help us deploy workflows in the cloud securely.
View Full-Text
Keywords:
data leak; workflow; microservices; authorization; access control; policy verification; metagraphs; yawl; rego
▼
Show Figures
Graphical abstract
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited
-
Externally hosted supplementary file 1
Doi: 10.5281/zenodo.4912289
Link: https://zenodo.org/record/4912289
Description: Data and code accompanying the paper.
MDPI and ACS Style
Miller, L.; Mérindol, P.; Gallais, A.; Pelsser, C. Securing Workflows Using Microservices and Metagraphs. Electronics 2021, 10, 3087. https://doi.org/10.3390/electronics10243087
AMA Style
Miller L, Mérindol P, Gallais A, Pelsser C. Securing Workflows Using Microservices and Metagraphs. Electronics. 2021; 10(24):3087. https://doi.org/10.3390/electronics10243087
Chicago/Turabian StyleMiller, Loïc, Pascal Mérindol, Antoine Gallais, and Cristel Pelsser. 2021. "Securing Workflows Using Microservices and Metagraphs" Electronics 10, no. 24: 3087. https://doi.org/10.3390/electronics10243087
Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.
