Protection of Information and Communications in Distributed Systems and Microservices

Permalink: http://urn.fi/URN:NBN:fi-fe201902286665
Title: Protection of Information and Communications in Distributed Systems and Microservices
Author: Myyrä, Antti
Contributor: University of Helsinki, Faculty of Science
Publisher: Helsingin yliopisto
Date: 2019
Language: eng
URI: http://urn.fi/URN:NBN:fi-fe201902286665
http://hdl.handle.net/10138/299747
Thesis level: master's thesis
Discipline: Computer Science (Tietojenkäsittelytiede)
Abstract: Distributed systems have been a topic of discussion since the 1980s, but the adoption of microservices has raised the number of system components considerably. With more decentralised distributed systems, new ways to handle authentication, authorisation and accounting (AAA) are needed, as well as ways to allow components to communicate with each other securely. New standards and technologies have been created to deal with these requirements, and many of them have already found their way into the most widely used systems and services globally. After covering AAA and the individual access control models, we continue with ways to secure communications between two connecting parties, using Transport Layer Security (TLS) and more specialised methods such as the Google-originated Secure Production Identity Framework for Everyone (SPIFFE). We also discuss X.509 certificates for establishing identities. Next, both older time-tested and newer distributed AAA technologies are presented. After this, we look into communication between distributed components using both synchronous and asynchronous communication mechanisms, as well as into the publish/subscribe communication model that has become popular with the rise of streaming platforms. This thesis also explores possibilities for securing communications between distributed endpoints and ways to handle AAA in a distributed context. This is showcased in a new software component that handles authentication through a separate identity endpoint using the OpenID Connect authentication protocol and stores identity in a JavaScript Object Notation (JSON) formatted and cryptographically signed JSON Web Token, allowing stateless session handling because the token can be validated by checking its signature. This enables fast and scalable session management and identity handling for any distributed system.


Files in this item

File: Antti Myyrä - Masters Thesis.pdf (1.203Mb, PDF)