Security Issues and Challenges in Service Meshes -- An Extended Study

Abstract: Service meshes have emerged as an attractive DevOps solution for collecting, managing, and coordinating microservice deployments. However, current service meshes leave fundamental security mechanisms missing or incomplete. The security burden means service meshes may actually cause additional workload and overhead for administrators over traditional monolithic systems. By assessing the effectiveness and practicality of service mesh tools, this work provides necessary insights into the available security of service meshes. We evaluate service meshes from two perspectives: skilled system administrators (who deploy optimal configurations of available security mechanisms) and default configurations. Under these two models, we consider a comprehensive set of adversarial scenarios and uncover important design flaws with contradicting goals, as well as the limitations and challenges encountered in employing service mesh tools for operational environments.