Related papers: Optimizing Intra-Container Communication with Memory Protection Keys: A Novel Approach to Secure and Efficient Microservice Interaction

Optimizing Intra-Container Communication with Memory Protection Keys: A Novel Approach to Secure and Efficient Microservice Interaction

URL: http://arxiv.org/abs/2505.07836v1
Date: Sun, 04 May 2025 13:34:56 GMT
Title: Optimizing Intra-Container Communication with Memory Protection Keys: A Novel Approach to Secure and Efficient Microservice Interaction
Authors: Fnu Yashu, Shubham Malhotra, Muhammad Saqib,
Abstract summary: This paper introduces MPKLink, leveraging Intel Memory Protection Keys (MPK) to enhance intra-container communication efficiency.<n>By utilizing shared memory with MPK-based access control, we eliminate unnecessary networking latencies.<n>We present a comprehensive evaluation of MPKLink, demonstrating its superior performance over conventional methods.
Score: 1.1558517091394516
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: In modern cloud-native applications, microservices are commonly deployed in containerized environments to ensure scalability and flexibility. However, inter-process communication (IPC) between co-located microservices often suffers from significant overhead, especially when traditional networking protocols are employed within containers. This paper introduces a novel approach, MPKLink, leveraging Intel Memory Protection Keys (MPK) to enhance intra-container communication efficiency while ensuring security. By utilizing shared memory with MPK-based access control, we eliminate unnecessary networking latencies, leading to reduced resource consumption and faster response times. We present a comprehensive evaluation of MPKLink, demonstrating its superior performance over conventional methods such as REST and gRPC within microservice architectures. Furthermore, we explore the integration of this approach with existing container orchestration platforms, showcasing its seamless adoption in real-world deployment scenarios. This work provides a transformative solution for developers looking to optimize communication in microservices while maintaining the integrity and security of containerized applications.

Related papers

MEM1: Learning to Synergize Memory and Reasoning for Efficient Long-Horizon Agents [84.62985963113245]
We introduce MEM1, an end-to-end reinforcement learning framework that enables agents to operate with constant memory across long multi-turn tasks.<n>At each turn, MEM1 updates a compact shared internal state that jointly supports memory consolidation and reasoning.<n>We show that MEM1-7B improves performance by 3.5x while reducing memory usage by 3.7x compared to Qwen2.5-14B-Instruct on a 16-objective multi-hop QA task.
arXiv Detail & Related papers (2025-06-18T19:44:46Z)
MCP Guardian: A Security-First Layer for Safeguarding MCP-Based AI System [0.0]
We present MCP Guardian, a framework that strengthens MCP-based communication with authentication, rate-limiting, logging, tracing, and Web Application Firewall (WAF) scanning.<n>Our approach fosters secure, scalable data access for AI assistants, underscoring the importance of a defense-in-depth approach.
arXiv Detail & Related papers (2025-04-17T08:49:10Z)
MCP Bridge: A Lightweight, LLM-Agnostic RESTful Proxy for Model Context Protocol Servers [0.5266869303483376]
MCP Bridge is a lightweight proxy that connects to multiple MCP servers and exposes their capabilities through a unified API.<n>The system implements a risk-based execution model with three security levels standard execution, confirmation, and Docker isolation while maintaining backward compatibility with standard MCP clients.
arXiv Detail & Related papers (2025-04-11T22:19:48Z)
Fundamental Limits of Hierarchical Secure Aggregation with Cyclic User Association [93.46811590752814]
Hierarchical secure aggregation is motivated by federated learning.<n>In this paper, we consider HSA with a cyclic association pattern where each user is connected to $B$ consecutive relays.<n>We propose an efficient aggregation scheme which includes a message design for the inputs inspired by gradient coding.
arXiv Detail & Related papers (2025-03-06T15:53:37Z)
Towards Secure Management of Edge-Cloud IoT Microservices using Policy as Code [6.200058263544999]
IoT application providers increasingly use MicroService Architecture (MSA) to develop applications that convert IoT data into valuable information. The proposed framework contains a "control plane" to intelligently and dynamically utilise and configure cloud-native (i.e., container orchestrators and service mesh) technologies to enforce security policies. We implement a prototype of the proposed framework using open-source cloud-native technologies such as Docker, Istio, and Open Policy Agent to validate the framework.
arXiv Detail & Related papers (2024-06-27T01:03:23Z)
Design Optimization of NOMA Aided Multi-STAR-RIS for Indoor Environments: A Convex Approximation Imitated Reinforcement Learning Approach [51.63921041249406]
Non-orthogonal multiple access (NOMA) enables multiple users to share the same frequency band, and simultaneously transmitting and reflecting reconfigurable intelligent surface (STAR-RIS) deploying STAR-RIS indoors presents challenges in interference mitigation, power consumption, and real-time configuration. A novel network architecture utilizing multiple access points (APs), STAR-RISs, and NOMA is proposed for indoor communication.
arXiv Detail & Related papers (2024-06-19T07:17:04Z)
Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
Top-k Multi-Armed Bandit Learning for Content Dissemination in Swarms of Micro-UAVs [2.3076690318595676]
This paper presents a Micro-Unmanned Aerial Vehicle (UAV)-enhanced content management system for disaster scenarios where communication infrastructure is generally compromised.<n>In the developed architecture, stationary anchor UAVs, equipped with vertical and lateral links, serve users in individual disaster-affected communities.<n>Mobile micro-ferrying UAVs, with enhanced mobility, extend coverage across multiple such communities.
arXiv Detail & Related papers (2024-04-16T18:47:07Z)
Hook-in Privacy Techniques for gRPC-based Microservice Communication [0.0]
gRPC is at the heart of modern distributed system architectures. Despite its widespread adoption, gRPC lacks any advanced privacy techniques beyond transport and basic token-based authentication. We propose a novel approach for integrating such advanced privacy techniques into the gRPC framework in a practically viable way.
arXiv Detail & Related papers (2024-04-08T15:18:42Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
ScionFL: Efficient and Robust Secure Quantized Aggregation [36.668162197302365]
We introduce ScionFL, the first secure aggregation framework for federated learning. It operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients. We show that with no overhead for clients and moderate overhead for the server, we obtain comparable accuracy for standard FL benchmarks.
arXiv Detail & Related papers (2022-10-13T21:46:55Z)
Modular Interactive Video Object Segmentation: Interaction-to-Mask, Propagation and Difference-Aware Fusion [68.45737688496654]
We present a modular interactive VOS framework which decouples interaction-to-mask and mask propagation. We show that our method outperforms current state-of-the-art algorithms while requiring fewer frame interactions.
arXiv Detail & Related papers (2021-03-14T14:39:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.