Date of Award
Masters of Science (Research)
Dr Sean McSweeney
Prof Donna O'Shea
Mr Pat McCarthy
Critical applications demand strong security implementations, low latency and high availability at constant rates; however, the performance of a software system is affected by the implementation of security. This research measures the performance overhead, and possible mitigation of it, in cloud native systems secured with a service mesh, which allows security policies to be enabled for the authentication, authorization and encryption of traffic within distributed systems. The side-car proxy is a core component of this architecture: it acts as a policy enforcement point and intercepts network communication to and from the applications that are part of the mesh, and consequently affects the performance of applications hosted in the cloud. Physical resources are required to operate the control plane and the data plane, while latency is affected by the enforcement of security policies and by encryption. We configured a cloud environment consisting of a managed Kubernetes cluster, deployed a cloud native synthetic application, configured a service mesh, tested the performance under load and analyzed the results to establish the overhead in terms of latency, CPU and memory. The analysis is performed on both the data plane and the control plane. Additionally, a performance enhancement was explored using extended Berkeley Packet Filter (eBPF) technology, which operates at the Linux kernel level. Results show a reduction in CPU consumption as well as in latency.
Rodigari, Simone, "Performance Analysis of Zero Trust in Cloud Native Systems" (2023). Theses [online].
Available at: https://sword.cit.ie/allthe/546
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.