In cloud services, the zero-trust security paradigm has emerged as a key strategy to reduce the large attack surface created by the complexity of cloud systems. Service mesh is a popular practice to realize the zero-trust architecture, which relies heavily on network access control to achieve the desired security. Building a service mesh-based solution in the cloud is not straightforward because privileged adversaries (e.g., malicious cloud insiders) can easily compromise the control plane where the access control function is implemented. In this paper, we propose S-ZAC, an access control hardening technique for service mesh-based solutions in the cloud. S-ZAC uses Intel SGX to provide a trusted execution environment for the control plane, which is responsible for enforcing access control for the service mesh. By isolating all access-control-related functions within an SGX enclave, S-ZAC ensures high resilience of the service mesh solution even in the presence of privileged adversaries. Due to the design limitations of SGX, implementing S-ZAC in the cloud for zero trust faces several challenges that can lead to serious scalability and failover issues. The first challenge is to establish secure communication channels between the S-ZAC components, even in the presence of privileged attackers. The second challenge is the limited memory capacity of the SGX enclave. Finally, the third challenge is that the inherent design of SGX does not support persistent enclave states, meaning that any state of running enclaves is volatile. We address these challenges by proposing our novel solutions. By implementing a prototype of S-ZAC, we evaluate its performance in terms of security and performance. The evaluation results validate the effectiveness of S-ZAC to enhance the security of the service mesh control plane in cloud environments.
Read full abstract