In serverless computing, applications are composed of stand-alone microservices that are invoked and scale up independently. Peerto-peer protocols can be used to enable decentralized communication among the services that compose each application. This paper presents Themis, a framework for secure service-to-service interaction targeting these environments and the underlying service mesh architectures. Themis builds on a notion of decentralized identity management to allow confidential and authenticated service-toservice interaction without the need for a centralized certificate authority. Themis adopts a layered architecture. Its lower layer forms a core communication protocol pair that offers strong security guarantees without depending on a centralized point of authority. Building on this pair, an upper layer provides a series of actions related to communication and identifier management-e.g., store, find, and join. This paper analyzes the security properties of Themis's protocol suite and shows how it provides a decentralized and flexible communication platform. The evaluation of our Themis prototype targeting serverless applications written in JavaScript shows that these security benefits come with small runtime latency and throughput overheads, and modest startup overheads.
CCS CONCEPTS• Security and privacy → Security protocols.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.