NSF PAR Search | NSF Public Access Repository

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

CloudCover: Enforcement of Multi-Hop Network Connections in Microservice Deployments

https://doi.org/10.1109/ACSAC63791.2024.00095

Brucker-Hahn, Dalton A; Feng, Wang; Li, Shanchao; Petillo, Matthew; Bardas, Alexandru G; Davidson, Drew; Ji, Yuede (December 2024, Proceedings of the annual Computer Security Applications Conference)

Microservices have emerged as a strong architecture for large-scale, distributed systems in the context of cloud computing and containerization. However, the size and complexity of microservice systems have strained current access control mechanisms. Intricate dependency structures, such as multi-hop dependency chains, go uncaptured by existing access control mechanisms and leave microservice deployments open to adversarial actions and influence. This work introduces CloudCover, an access control mechanism and enforcement framework for microservices. CloudCover provides holistic, deployment-wide analysis of microservice operations and behaviors. It implements a verificationin-the-loop access control approach, mitigating multi-hop microservice threats through control-flow integrity checks. We evaluate these domain-relevant multi-hop threats and CloudCover under existing, real-world scenarios such as Istio’s opensource microservice example and under theoretic and synthetic network loads of 10,000 requests per second. Our results show that CloudCover is appropriate for use in real deployments, requiring no microservice code changes by administrators
more » « less
Free, publicly-accessible full text available December 9, 2025
MisMesh: Security Issues and Challenges in Service Meshes

https://doi.org/doi.org/10.1007/978-3-030-63086-7_9

Hahn, Dalton A; Davidson, Drew; Bardas, Alexandru G (December 2020, International Conference on Security and Privacy in Communication Systems (SecureComm))
Park N., Sun K. (Ed.)
Full Text Available
Measuring the Prevalence of the Password Authentication Vulnerability in SSH

https://doi.org/10.1109/ICC40277.2020.9148912

Andrews, Ron; Hahn, Dalton A.; Bardas, Alexandru G. (June 2020, n IEEE International Conference on Communications (ICC) – Communications and Information System Security (CISS) Symposium)
null (Ed.)
Full Text Available
Security and Privacy Issues in Contemporary Consumer Electronics [Energy and Security]

https://doi.org/10.1109/MCE.2018.2867979

Hahn, Dalton A.; Munir, Arslan; Mohanty, Saraju P. (January 2019, IEEE Consumer Electronics Magazine)
null (Ed.)
Full Text Available
Prosumer Nanogrids: A Cybersecurity Assessment

https://doi.org/10.1109/ACCESS.2020.3009611

Dafalla, Yousif; Liu, Bo; Hahn, Dalton A.; Wu, Hongyu; Ahmadi, Reza; Bardas, Alexandru G. (January 2020, IEEE Access)

Search for: All records