Automated Synthesis of Effect Graph Policies for Microservice-Aware Stateful System Call Specialization

William Blair, Frederico Araujo, Teryl Taylor, Jiyong Jang

IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 5

In an era dominated by cloud-native applications and microservice architectures, securing the underlying infrastructure against sophisticated attacks remains a paramount challenge for cloud operators. This talk, presented by William Blair with his collaborators Frederico Araujo, Teryl Taylor, and Jiyong Jang of the IBM Thomas J. Watson Research Center, introduces a novel approach to enhancing microservice security: **Automated Synthesis of Effect Graph Policies for Microservice-Aware Stateful System Call Specialization**. The core problem addressed is the inherent exposure of microservices, which often run arbitrary customer code inside operating system containers, so that a single compromised container can put the surrounding cloud environment at significant risk.

AI review

This research introduces Effect Graphs and MicrPolicyCraft, a novel framework for automated, stateful system call specialization that directly counters mimicry attacks in microservices. By combining hybrid analysis with security automata, it generates precise, configuration-specific policies, significantly advancing cloud-native security. This is a critical development for containing compromised services in complex, distributed environments.
