Date of Award

1-2023

Document Type

Master Thesis

Degree Name

Masters of Science (Research)

Department

Computer Science

First Advisor

Dr Sean McSweeney

Second Advisor

Prof Donna O'Shea

Third Advisor

Mr Pat McCarthy

Abstract

Critical applications demand strong security implementations, low latency and high availability at constant rates. However, the performance of a software system is affected by the implementation of security. This research measures the performance overhead, and possible mitigation of it, in cloud native systems secured with a service mesh, which allows security policies to be enabled for the authentication, authorization and encryption of traffic within distributed systems. The side-car proxy is a core component of this architecture: it acts as a policy enforcement point and intercepts network communication to and from applications that are part of the mesh, consequently affecting the performance of applications hosted in the cloud. Physical resources are required to operate the control plane and data plane, while latency is affected by the enforcement of security policies and encryption. We configured a cloud environment consisting of a managed Kubernetes cluster, deployed a cloud native synthetic application, configured a service mesh, tested the performance under load and analyzed the results to establish the overhead in terms of latency, CPU and memory. The analysis is performed on both the data plane and the control plane. Additionally, a performance enhancement was explored with the use of extended Berkeley Packet Filter (eBPF) technology, which operates at the Linux kernel level. Results show a reduction in CPU consumption as well as latency.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Access Level

info:eu-repo/semantics/openAccess
