Zero Trust Security Model in Microservices Architecture
1. Dr. B. Samatha
Department of Computer Science and Engineering,
Koneru Lakshmaiah Education Foundation,
Vaddeswaram 522502, Andhra Pradesh, India.
e-mail: bsamatha@kluniverstiy.in
2. A. Saketh
Department of Computer Science and Engineering,
Koneru Lakshmaiah Education Foundation,
Vaddeswaram 522502, Andhra Pradesh, India.
e-mail: 2200031792@kluniverstiy.in
4. G. Manikanta
Department of Computer Science and Engineering,
Koneru Lakshmaiah Education Foundation,
Vaddeswaram 522502, Andhra Pradesh, India.
e-mail: 2200032627@kluniverstiy.in
3. K. Naveen Kumar
Department of Computer Science and Engineering,
Koneru Lakshmaiah Education Foundation,
Vaddeswaram 522502, Andhra Pradesh, India.
e-mail: 2200032310@kluniverstiy.in
Abstract— This paper introduces Zero, a layer (Spring) security platform that implements zero-trust access to heterogeneous meshes of services. It combines adaptive risk scoring and device fingerprinting with OAuth-like session tokens and multi-factor authentication using time-synchronized OTP challenges transmitted through hardened SMTP mailers. Zero also combines rate-limited OTP issuance, policy-aware session flows, and contextual authorization based on telemetry from both stacks. Analysis of the Python and Java backends shows that least-privilege controls are consistently enforced, exposure to credential replay is minimized, and full traceability of cross-mesh interactions is achieved. We demonstrate that modest dynamic incursion-oriented SQLite storage options with JVM-based audit trails keep compliance observable even at sub-100 ms authorization lag times, rendering Zero appropriate for midsize businesses focused on achieving some bypassed zero-trust implementation.
Keywords— Zero trust; multi-factor authentication; OTP enforcement; service mesh security; adaptive access control; device fingerprinting; dual-stack architecture; Spring Boot; risk-based authorization.