Chandramouli, R.
, Butcher, Z.
and Callaghan, J.
(2024),
Service Mesh Proxy Models for Cloud-Native Applications, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-233, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958767
(Accessed October 16, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Service Mesh Proxy Models for Cloud-Native Applications
Published
Author(s)
, Zack Butcher, James Callaghan
Abstract
The service mesh has become the de facto application services infrastructure for cloud-native applications. It enables the various runtime functions of an application through proxies that form the data plane of the service mesh. Depending on the distribution of the network layer functions and the granularity of association of the proxies to individual services and computing nodes, different proxy models or data plane architectures have emerged. This document describes a threat profile for each of the data plane architectures with a detailed threat analysis to make recommendations on their applicability for cloud-native applications with different security risk profiles.Citation
Special Publication (NIST SP) - NIST SP 800-233
Report Number
NIST SP 800-233
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
cloud-native application, data plane architecture, proxy model, service mesh, threat profile.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created October 16, 2024