Service Mesh Proxy Models for Cloud-Native Applications
The draft of NIST Special Publication (SP) 800-233, titled “Service Mesh Proxy Models for Cloud-Native Applications,” is now available for public comment. This document addresses the rise of service mesh as the main infrastructure for application services in cloud-native environments. Service mesh facilitates essential runtime functions, such as network connectivity and access control, through proxies that form the data plane.
For a copy of the draft and instructions on submitting comments, please refer to the publication details. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
Different proxy models or data plane architectures have evolved based on how network layer functions (L4 and L7) are distributed and how closely proxies are associated with individual services or computing nodes. The draft aims to analyze these architectures and develop threat profiles for each, assessing potential risks and offering recommendations for their application in cloud-native environments with varying risk profiles.