The reviewed record of science sign in
Pith

arxiv: 2404.05598 · v1 · pith:ZPR3U7KG · submitted 2024-04-08 · cs.CR · cs.CY· cs.DC· cs.SE

Hook-in Privacy Techniques for gRPC-based Microservice Communication

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:ZPR3U7KGrecord.jsonopen to challenge →

classification cs.CR cs.CYcs.DCcs.SE
keywords techniquesprivacyadvancedgrpcdataapproacharchitecturescommunication
0
0 comments X
read the original abstract

gRPC is at the heart of modern distributed system architectures. Based on HTTP/2 and Protocol Buffers, it provides highly performant, standardized, and polyglot communication across loosely coupled microservices and is increasingly preferred over REST- or GraphQL-based service APIs in practice. Despite its widespread adoption, gRPC lacks any advanced privacy techniques beyond transport encryption and basic token-based authentication. Such advanced techniques are, however, increasingly important for fulfilling regulatory requirements. For instance, anonymizing or otherwise minimizing (personal) data before responding to requests, or pre-processing data based on the purpose of the access may be crucial in certain usecases. In this paper, we therefore propose a novel approach for integrating such advanced privacy techniques into the gRPC framework in a practically viable way. Specifically, we present a general approach along with a working prototype that implements privacy techniques, such as data minimization and purpose limitation, in a configurable, extensible, and gRPC-native way utilizing a gRPC interceptor. We also showcase how to integrate this contribution into a realistic example of a food delivery use case. Alongside these implementations, a preliminary performance evaluation shows practical applicability with reasonable overheads. Altogether, we present a viable solution for integrating advanced privacy techniques into real-world gRPC-based microservice architectures, thereby facilitating regulatory compliance ``by design''.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.