Building Secure Microservices-based Applications Using Service-Mesh Architecture

Published

Author(s)

Ramaswamy Chandramouli, Zack Butcher

Abstract

The increasing trend in building microservices-based applications calls for addressing security in all aspects of service-to-service interactions due to their unique characteristics. The distributed cross-domain nature of microservices needs secure token service (STS), key management and encryption services for authentication and authorization, and secure communication protocols. The ephemeral nature of clustered containers (by which microservices are implemented) calls for secure service discovery. The availability requirement calls for: (a) resiliency techniques, such as load balancing, circuit breaking, and throttling, and (b) continuous monitoring (for the health of the service). The service mesh is the best-known approach that can facilitate specification of these requirements at a level of abstraction such that it can be uniformly and consistently defined while also being effectively implemented without making changes to individual microservice code. The purpose of this document is to provide deployment guidance for proxy-based Service Mesh components that collectively form a robust security infrastructure for supporting microservices-based applications.

Citation

Special Publication (NIST SP) - 800-204A

Report Number

800-204A

Keywords

API gateway, Application Programming Interface (API), circuit breaker, load balancing, microservices, Service Mesh, service proxy

Citation

Chandramouli, R. and Butcher, Z. (2020), Building Secure Microservices-based Applications Using Service-Mesh Architecture, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-204A (Accessed April 24, 2024)
Created May 27, 2020, Updated May 28, 2020