• No results found

Programming Microservice Choreographies: a security use case

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "Programming Microservice Choreographies: a security use case"

Copied!
32
0
0

Loading.... (view fulltext now)

Download now ( 32 Page )

Full text

(1)

Programming Microservice Choreographies:

a security use case

Saverio Giallorenzo¹, Fabrizio Montesi¹, Marco Peressotti¹, Luisa Zeppelin²

¹ University of Southern Denmark

² University of Hamburg

(2)

› Choreography noun

› a (decentralised) coordination

plan for concurrent systems

based on message passing

(3)

Microservices and Choreographies

(4)

Microservices and Choreographies

• Coordination is hard

(5)

Microservices and Choreographies

• Coordination is hard

• What do we want?

• Global specification of

choreographies

(6)

Microservices and Choreographies

• Coordination is hard

• What do we want?

• Global specification of choreographies

• Automatic translation to compliant endpoint

implementations

(7)

From Choreographies to

• Automatic generation of Java

library that implements each

role

(8)

From Choreographies to

• Automatic generation of Java library that implements each role

• Use for a microservice system

(9)

From Choreographies to

• Automatic generation of Java library that implements each role

• Use for a microservice system

• Deadlock-free!

(10)

How does it work?

(11)

Example

• Demo time!

class HelloRoles@( A, B ) { public void sayHello() {

String@A a = "Hello from A"@A;

String@B b = "Hello from B"@B;

[email protected]( a );

[email protected]( b );

} }

class HelloRoles_A {

public void sayHello() { String a;

a = "Hello from A";

System.out.println( a );

} }

Hello Roles

(12)

Hello Roles

• Demo time!

• Computation @ different roles (see Hybrid Logic)

class HelloRoles@( A, B ) { public void sayHello() {

String@A a = "Hello from A"@A;

String@B b = "Hello from B"@B;

[email protected]( a );

[email protected]( b );

} }

class HelloRoles_A {

public void sayHello() { String a;

a = "Hello from A";

System.out.println( a );

} }

Example

(13)

Hello Roles

• Demo time!

• Computation @ different roles (see Hybrid Logic)

• Compliance!

class HelloRoles@( A, B ) { public void sayHello() {

String@A a = "Hello from A"@A;

String@B b = "Hello from B"@B;

[email protected]( a );

[email protected]( b );

} }

class HelloRoles_A {

public void sayHello() { String a;

a = "Hello from A";

System.out.println( a );

} }

Example

(14)

What about interactions?

(15)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

• Communication!

Example

(16)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

Key@Bob aliceKey = < Key >com( aPK@Alice );

• Communication!

• Method com

Example

(17)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

Key@Bob aliceKey = < Key >com( aPK@Alice );

Key@Alice bobKey = < Key >com( bPK@Bob );

• Communication!

• Method com

Example

(18)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(SymChannel@( Alice, Bob )< Key > channel){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

Key@Bob aliceKey = channel.< Key >com( aPK@Alice );

• Communication over channels

Example

(19)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(SymChannel@( Alice, Bob )< Key > channel){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

Key@Bob aliceKey = channel.< Key >com( aPK@Alice );

Key@Alice bobKey = channel.< Key >com( bPK@Bob );

• Communication over channels

Example

(20)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(SymChannel@( Alice, Bob )< Key > channel){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

Key@Bob aliceKey = channel.< Key >com( aPK@Alice );

Example

(21)

Diffie-Hellman Key Exchange

class DiffieHellman@( Alice, Bob ){

public static void run(SymChannel@( Alice, Bob )< Key > channel){

Key@Alice aPK = exp( aKpair.gen, aKpair.secret );

Key@Bob bPK = exp( bKpair.gen, bKpair.secret );

Key@Bob aliceKey = channel.< Key >com( aPK@Alice );

Key@Alice bobKey = channel.< Key >com( bPK@Bob );

Key@Alice sharedKey = exp( bobKey, aKpair.secret );

Key@Bob sharedKey = exp( aliceKey, bKpair.secret );

Example

(22)

What about conditionals?

(23)

Distributed Authentication Example

(24)

Distributed Authentication Example

(25)

Distributed Authentication

Boolean@IP valid = calcHash( salt, credentials.password )

>> ch_Client_IP::< String >com

>> ClientRegistry@IP::check;

if( valid ){

AuthToken@IP t = [email protected]();

return new AuthResult@( Client, Service )(

ch_Client_IP.< AuthToken >com( t ), ch_Service_IP.< AuthToken >com( t ) );

} else {

return new AuthResult@( Client, Service )();

}

Example

(26)

Distributed Authentication

Boolean@IP valid = calcHash( salt, credentials.password )

>> ch_Client_IP::< String >com

>> ClientRegistry@IP::check;

if( valid ){

AuthToken@IP t = [email protected]();

return new AuthResult@( Client, Service )(

ch_Client_IP.< AuthToken >com( t ), ch_Service_IP.< AuthToken >com( t ) );

} else {

Example

(27)

Distributed Authentication

Boolean@IP valid = calcHash( salt, credentials.password )

>> ch_Client_IP::< String >com

>> ClientRegistry@IP::check;

if( valid ){

ch_Client_IP.< EnumBoolean >select( [email protected] );

ch_Service_IP.< EnumBoolean >select( [email protected] );

AuthToken@IP t = [email protected]();

return new AuthResult@( Client, Service )(

ch_Client_IP.< AuthToken >com( t ), ch_Service_IP.< AuthToken >com( t ) );

} else {

ch_Client_IP.< EnumBoolean >select( [email protected] );

ch_Service_IP.< EnumBoolean >select( [email protected] );

return new AuthResult@( Client, Service )();

}

• Knowledge of Choice

Example

(28)

Wrap things up!

• Choreographies are objects

(29)

Wrap things up!

• Choreographies are objects

• Mainstream software

development

(30)

Wrap things up!

• Choreographies are objects

• Mainstream software development

• Supports modularity

(31)

Wrap things up!

• Choreographies are objects

• Mainstream software development

• Supports modularity

• Possible use of multiple

(32)

Thank you for listening!

More at https://choral-lang.org

References

Download now ( PDF - 32 Page - 0.95 MB )

Related documents

Franz Kafka

In addition to Bergmann, Pollak and especially Brod, this group was part of the extended German-speaking literary world of Prague, most of whom were Jews: the blind novelist Oskar

Mostar Airport strategic development model

With the fact that Bosnia and Herzegovina is a country with a low gross domestic product and the population has low purchasing power, in order to plan the potential traffic from the

Multicriteria Decision Aid to support Multilateral Environmental Agreements in assessing international forestry projects

The ELECTRE TRI model was used for assessing synergies at the project level, and has been a useful tool to quantify the performance of afforestation and reforestation projects

TELE 301 Network Management. Lecture 18: Network Security

•  Alice sends “I am Alice”, to Bob •  Bob sends a nonce, R, to Alice •  Alice encrypts the nonce using. Alice and Bob’s symmetric secret key, K A-B , and sends it

Federated Product Information Search and Semantic Product Comparisons on the Web

This chapter is divided into research areas concerning the information access (document retrieval, federated search, and federated ranking), the information extraction

Joint optimization of spectrum and energy efficiency in cognitive radio networks

Wang, Resource allocation for heterogeneous multiuser OFDM-based cognitive radio networks with imperfect spectrum sensing, in: Proceedings of the IEEE INFOCOM'12, Orlando, FL, 2012,

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Using the public key of Root4, Alice can follow the chain of certificates from Root4 to Bob Alice can then extract and verify Bob’s public

The relationship between vitamin A and ferritin towards malondialdehyde level among Javanese male smokers

This was a case control study involving 60 individuals consisting of 30 smokers as case group and 30 nonsmokers as control group. Subjects were Javanese men who lived in