SANTOS, J. A. F.; http://lattes.cnpq.br/7426109869138855; SANTOS, José Amândio Ferreira dos.
Abstract:
Service meshes have become popular because they help monitor and manage microservice-based applications, which store and process data that often includes sensitive content, and because they allow functionality to be added transparently through a proxy rather than in the application code itself. In parallel, demand has grown for sensitive applications that isolate sensitive data in a protected CPU enclave during processing. In their current state, confidential applications and service meshes are an incompatible combination: a simple proxy ends up exposing data that had, until that point, been protected by the confidential application. Although current service meshes do not support it well, service meshes and confidential applications can indeed be combined. We tested several proxies that could meet this demand and evaluated two options that can help achieve this goal: a confidential GHOSTUNNEL and SCONE’s network shield.