Montag: Cloud Native Data Tainting and Policy Enforcement

Hantao Wang

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2020-105

May 29, 2020

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-105.pdf

In the wake of the newly adopted privacy regulations (GDPR) and recent string of user data compromises (Equifax, etc), there is an urgent need for operators and regulatory experts to be able to deploy data related policies within their network and control the flow of sensitive data in a way beyond what can be afforded through database ACLs. This new system must be scalable, easily to thousands of services, fit into the current architecture and industry standards, and retain the same easy of development and deployment that comes with microservices.

Montag is a system built on top of the existing popular orchestrator and service mesh infrastructure, Kubernetes and Istio, that allows data taints to be forwarded along with the data itself from service to service. This should require minimal changes to the application logic of the services and no changes to the infrastructure code. Privacy experts and cluster operators should be able to declaratively define global and domain specific privacy policies that are automatically enforced at the data plane based on the tuple's taints and the source / destination service. In our experimentation, we find that Montag operates with just a 0.4% increase in end to end latency for our example microservice application when using Kubernetes and Istio, and a 2.4% increase compared to applications just using Kubernetes.

Advisors: Scott Shenker

BibTeX citation:

@mastersthesis{Wang:EECS-2020-105,
    Author= {Wang, Hantao},
    Title= {Montag: Cloud Native Data Tainting and Policy Enforcement},
    School= {EECS Department, University of California, Berkeley},
    Year= {2020},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-105.html},
    Number= {UCB/EECS-2020-105},
    Abstract= {In the wake of the newly adopted privacy regulations (GDPR) and recent string of user data compromises (Equifax, etc), there is an urgent need for operators and regulatory experts to be able to deploy data related policies within their network and control the flow of sensitive data in a way beyond what can be afforded through database ACLs. This new system must be scalable, easily to thousands of services, fit into the current architecture and industry standards, and retain the same easy of development and deployment that comes with microservices.

Montag is a system built on top of the existing popular orchestrator and service mesh infrastructure, Kubernetes and Istio, that allows data taints to be forwarded along with the data itself from service to service. This should require minimal changes to the application logic of the services and no changes to the infrastructure code. Privacy experts and cluster operators should be able to declaratively define global and domain specific privacy policies that are automatically enforced at the data plane based on the tuple's taints and the source / destination service. In our experimentation, we find that Montag operates with just a 0.4% increase in end to end latency for our example microservice application when using Kubernetes and Istio, and a 2.4% increase compared to applications just using Kubernetes.},
}

EndNote citation:

%0 Thesis
%A Wang, Hantao 
%T Montag: Cloud Native Data Tainting and Policy Enforcement
%I EECS Department, University of California, Berkeley
%D 2020
%8 May 29
%@ UCB/EECS-2020-105
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-105.html
%F Wang:EECS-2020-105