With the rapid advancement of cloud-native computing, the microservice with high concurrency and low coupling has ushered in an unprecedented period of vigorous development. However, due to the mutability and complexity of cooperation procedures, it is difficult to realize high-efficient security management on these microservices. Traditional centralized access control has the defects of relying on a centralized cloud manager and a single point of failure. Meanwhile, decentralized mechanisms are defective by inconsistent policies defined by different participants. This paper first proposes a blockchain-based distributed access control policies and scheme, especially for microservices cooperation with dynamic access policies. We store the authorized security policies on the blockchain to solve the inconsistent policy problem while enabling individual management of personalized access policies by the providers rather than a central authority. Then we propose a graph-based decision-making scheme to achieve an efficient access control for microservices cooperation. Through the evaluations and experiments, it shows that our solution can realize effective distributed access control at an affordable cost.
Read full abstract