The present disclosure relates to a system and computerized method for providing a security-aware partitioning of processes in cloud computing and other distributed environments.
In some systems, modularization of different types of applications can be performed across one or more processors or processing units. The spread of applications to distributed solutions leads to communication requirements provided, in some instances, by middleware systems (e.g., enterprise application integration, data or event steam processors and pipelines, and more). Single data processors can be organized in a process-like manner (referred to as “processes”) that are executed in one or many instances of a middleware system (including micro-services, serverless computing, and other systems).
Vendors of such systems or platforms have an interest in operating these processes at a lowest possible cost while guaranteeing and supporting specific service qualities and respecting all relevant security aspects, such as confidentiality (e.g., a process of customer A is not able to read or change the data processed in the process of customer B). To do so, many current systems separate the processes of different customers/tenants by isolating them in different processing units by tenant (e.g., through runtime containers, virtual machines (VMs), or containers), thereby ensuring that no data is shared across processes of different customers.