Titulo Estágio
Intrusion Tolerance Techniques for Microservices
Local do Estágio
SSE-CISUC
Enquadramento
Over the last few years, microservices architectures have seen an increase in its adoption owing to faster development and deployment guarantees. The continuous integration and delivery following the adoption of DevOps enforces fast and frequent changes in the topology and in the number of services online and constituting a system. These dynamic environments increase the difficulty in securing and protecting systems. The attack surface areas can increase to unmanageable dimensions and monitoring mechanisms might be insufficient do deal with these continuous modifications. Therefore, the need of building security measures into the architecture providing by default capacity to deliver unimpaired service, despite security attacks having success in compromising some components, is of utmost importance.
Intrusion tolerance is a technique which allows systems to continue providing the expected service even when security intrusions occur. The architectural design of a system can proactively include mechanisms to cope with the breaches suffered without failing to comply with security requirements (confidentiality, integrity and availability). Such measures can be for instance, the use of independent replication, service redundancy, or proactive service migration following the identification of compromised parts of the infrastructure.
Objetivo
The main objective of this project is to benchmark different intrusion tolerance measures in terms of availability and integrity on a representative system following a microservice architecture when provided with these capabilities. Such measures will be elicited during the state-of-the-art analysis and according to its applicability to microservice architectures. The design of a testbed scenario for conducting a benchmarking procedure may contribute to the identification of limitations in current approaches to intrusion tolerance and as a result, the proposal of new and improved approaches to tolerate intrusions more effectively.
Plano de Trabalhos - Semestre 1
T1. [10/09/2020 to 31/10/2020] State of the art analysis and elicitation of applicable intrusion tolerance approaches.
T2. [21/10/2020 to 15/11/2020] Design and develop a tested for the experiments.
T3. [15/11/2020 to 15/12/2020] Preliminary study – assess applicability and implement the intrusion tolerance measures.
T4. [01/12/2020 to 21/01/2021] Write the Dissertation Plan.
Plano de Trabalhos - Semestre 2
T5. [01/02/2021 to 15/04/2021] Definition and preparation of the benchmarking procedure.
T6. [20/03/2021 to 30/04/2021] Execution of the benchmark and analysis of the results.
T7. [15/04/2021 to 31/05/2021] Write a scientific publication.
T8. [15/05/2021 to 01/07/2021] Write the thesis.
Condições
The work is to be executed at the laboratories of the CISUC’s Software and Systems Engineering Group. A work place will be provided as well as the required computational resources.
Observações
There is the possibility to offer a scholarship to the student, at least for the second semester.
Duration of the scholarship: 6 months (at least)
Monthly scholarship: 752,38€
Orientador
Nuno Antunes
nmsa@dei.uc.pt 📩