Publication:
Zero trust framework for microservices security: analysis, design, and implementation

dc.contributor.advisor: Abad Cardiel, Ismael
dc.contributor.author: Lafarga Poyo, Francisco
dc.date.accessioned: 2025-07-11T16:20:06Z
dc.date.available: 2025-07-11T16:20:06Z
dc.date.issued: 2025-07-09
dc.description.abstract: In the contemporary landscape of cloud-native software development, microservices architecture has gained traction due to its modularity, scalability, and agility. However, this shift introduces notable security challenges, particularly around authentication and access control. This thesis explores the comparative effectiveness of centralized and distributed authentication models within a Zero Trust Architecture (ZTA) framework. The study follows three main phases: analysis of the state of the art, design and implementation of both authentication models, and empirical evaluation through simulated attack scenarios. The centralized model employs a single Identity Provider (IdP) and an API gateway to manage authentication and authorization, simplifying policy enforcement but potentially creating a single point of failure. In contrast, the distributed model delegates authentication to each microservice, enforcing mutual Transport Layer Security (TLS) and local JSON Web Token (JWT) validation to better reflect Zero Trust principles. To assess their resilience, both models were deployed in a unified cloud environment and subjected to attacks such as lateral movement, token replay, identity spoofing, and denial-of-service (DoS). Results show that the distributed model provides stronger defense-in-depth, effectively blocking internal unauthorized access and spoofing attempts through per-service validation and cryptographic identities. However, it adds operational complexity in managing certificates and keys. In terms of performance, both architectures exhibited acceptable response times under normal load. Under stress, the centralized gateway absorbed load more predictably, while the distributed model preserved availability by dispersing requests, albeit with higher tail latency and occasional errors.
Operationally, the centralized model favors simplicity and rapid policy rollout, while the distributed model requires greater automation and engineering discipline. The study concludes that model selection should align with organizational priorities: Centralized authentication suits API-centric systems with streamlined governance needs, while distributed models are better for highly regulated, multi-tenant, or security-sensitive environments. This research contributes a practical, evidence-based comparison of two leading authentication strategies in microservices under ZTA, providing architectural guidance and a replicable testing framework for future research and enterprise use. [en]
dc.identifier.citation: Lafarga Poyo, Francisco. Trabajo fin de Máster: "Zero trust framework for microservices security: analysis, design, and implementation". Universidad Nacional de Educación a Distancia (UNED), 2025
dc.identifier.uri: https://hdl.handle.net/20.500.14468/29428
dc.language.iso: en
dc.publisher: Universidad Nacional de Educación a Distancia (UNED)
dc.relation.center: E.T.S. de Ingeniería Informática
dc.relation.degree: Máster universitario en Investigación en Ingeniería de Software y Sistemas Informáticos
dc.relation.department: Ingeniería de Software y Sistemas Informáticos
dc.rights: info:eu-repo/semantics/openAccess
dc.rights.uri: Atribución-NoComercial-SinDerivadas 4.0 Internacional
dc.subject: 1203.17 Informática
dc.subject.keywords: Zero Trust Architecture [en]
dc.subject.keywords: Microservices [en]
dc.subject.keywords: Authentication [en]
dc.subject.keywords: Centralized Authentication [en]
dc.subject.keywords: Distributed Authentication [en]
dc.subject.keywords: Identity and Access Management [en]
dc.subject.keywords: Cybersecurity [en]
dc.title: Zero trust framework for microservices security: analysis, design, and implementation [en]
dc.type: tesis de maestría [es]
dc.type: master thesis [en]
dspace.entity.type: Publication
Files
Original bundle
Name: LafargaPoyo_Francisco_TFM_FRANCISCO LAFARGA PO.pdf
Size: 8.12 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 3.62 KB
Format: Item-specific license agreed to upon submission