Modern cloud-based applications are composed of several microservices that interact over a network. They are complex distributed systems, to the point that developers may not even be aware of how microservices connect to each other and to the Internet. As a consequence, the security of these applications can be greatly compromised. This work explicitly targets this context by providing a methodology to assess microservice connectivity, a software tool that implements it, and findings from analyzing real cloud applications. Specifically, it introduces Kubesonde, a cloud-native software that instruments live applications running on a Kubernetes cluster to analyze microservice connectivity, with minimal impact on performance. An assessment of microservices in 200 popular cloud applications with Kubesonde revealed significant issues in terms of network isolation: more than 60% of them had discrepancies between their declared and actual connectivity, and none restricted outbound connections towards the Internet. Our analysis shows that Kubesonde offers valuable insights on the connectivity between microservices, beyond what is possible with existing tools.
Tue 5 DecDisplayed time zone: Pacific Time (US & Canada) change
16:00 - 18:00 | Log Analysis and DebuggingIndustry Papers / Research Papers at Golden Gate C1 Chair(s): Yiming Tang Rochester Institute of Technology | ||
16:00 15mTalk | [Remote] STEAM: Observability-Preserving Trace Sampling Industry Papers Shilin He Microsoft Research, Botao Feng Microsoft, Liqun Li Microsoft Research, Xu Zhang Microsoft Research, Yu Kang Microsoft Research, Qingwei Lin Microsoft, Saravan Rajmohan Microsoft 365, Dongmei Zhang Microsoft Research DOI Media Attached | ||
16:15 15mTalk | [Remote] Demystifying Dependency Bugs in Deep Learning Stack Research Papers Kaifeng Huang Fudan University, Bihuan Chen Fudan University, Susheng Wu Fudan University, Junming Cao Fudan University, Lei Ma The University of Tokyo / University of Alberta, Xin Peng Fudan University Media Attached | ||
16:30 15mTalk | From Point-wise to Group-wise: A Fast and Accurate Microservice Trace Anomaly Detection Approach Industry Papers Zhe Xie Tsinghua University, Changhua Pei Computer Network Information Center at Chinese Academy of Sciences, Wanxue Li eBay, USA, Huai Jiang eBay, USA, Liangfei Su eBay, USA, Jianhui Li Computer Network Information Center at Chinese Academy of Sciences, Gaogang Xie Computer Network Information Center at Chinese Academy of Sciences, Dan Pei Tsinghua University DOI Media Attached | ||
16:45 15mTalk | Semantic Debugging Research Papers Martin Eberlein Humboldt University of Berlin, Marius Smytzek CISPA Helmholtz Center for Information Security, Dominic Steinhöfel CISPA Helmholtz Center for Information Security, Lars Grunske Humboldt-Universität zu Berlin, Andreas Zeller CISPA Helmholtz Center for Information Security Media Attached | ||
17:00 7mTalk | Analyzing Microservice Connectivity with Kubesonde Industry Papers Jacopo Bufalino Aalto University, Mario Di Francesco Eficode; Aalto University, Tuomas Aura Aalto University DOI Media Attached | ||
17:08 15mTalk | [Remote] Hue: A User-Adaptive Parser for Hybrid Logs Research Papers Junjielong Xu Chinese University of Hong Kong, Shenzhen, Qiuai Fu Huawei Cloud Computing Technologies CO., LTD., Zhouruixing Zhu Chinese University of Hong Kong, Shenzhen, Yutong Cheng Chinese University of Hong Kong, Shenzhen, zhijing li , Yuchi Ma Huawei Cloud Computing Technologies CO., LTD., Pinjia He The Chinese University of Hong Kong, Shenzhen Media Attached | ||
17:23 15mTalk | [Remote] Log Parsing with Generalization Ability under New Log Types Research Papers Siyu Yu Guangxi University, Yifan Wu Peking University, Zhijing Li The Chinese University of Hong Kong, Shenzhen, Pinjia He The Chinese University of Hong Kong, Shenzhen, Ningjiang Chen Guangxi University, Changjian Liu Guangxi University Media Attached | ||