The initial public draft of NIST Special Publication (SP) 800-233, Service Mesh Proxy Models for Cloud-Native Applications, is now available for public comment.
The service mesh has become the de facto application services infrastructure for cloud-native applications. It provides an application's runtime functions (e.g., network connectivity and access control) through proxies that form the data plane of the service mesh. Different proxy models, or data plane architectures, have emerged depending on how the network layer functions (i.e., L4 and L7) are distributed and on the granularity at which proxies are associated with individual services or computing nodes.
The purposes of this document are two-fold:
- Develop a threat profile for each of the data plane architectures by considering a set of potential threats to the various proxy functions and assigning scores to the impact and likelihood of their exploitation.
- Analyze the service mesh capabilities that are required for each class of cloud-native applications with different risk profiles (i.e., low, medium, and high) and provide recommendations for the data plane architectures or proxy models that are appropriate and applicable for each class.
The public comment period is open through September 3, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.