2026 Theses Doctoral

Harnessing Intrinsic and Emergent Traits for Microservice Security and Performance

Pancholi, Meghna

Over the last decade, we have seen a fundamental shift in software architecture. We have transitioned from monolithic applications, with tightly coupled components and slow release cycles, to the microservice paradigm. We now decompose large applications into collections of small, independent, and loosely coupled services, which underpin our modern cloud computing due to their scalability, resilience, and development agility. This agility, however, comes at a high operational cost. Moving from a monolith to a distributed system creates challenges that we operators continue to struggle to manage.

First, it introduces immense complexity in performance and efficiency: whereas profiling a monolith is relatively straightforward, a single request in a microservice application can trigger a cascade of calls across dozens of services, making it difficult to understand end-to-end latency, identify bottlenecks, and provision resources efficiently. Second, it fragments the attack surface. A monolith presents a single security boundary, whereas a microservice architecture presents hundreds of smaller, networked attack surfaces. In this distributed, heterogeneous, and dynamic environment, traditional coarse-grained security measures are insufficient and impractical to maintain.

Conventionally, we treat distribution, heterogeneity, and dynamism as problems we must mitigate. In this dissertation, we challenge that view, arguing that when we properly understand these traits, they are opportunities we can harness. We advance the thesis that by leveraging the intrinsic and emergent traits of microservices, we can make our systems more secure, lower-latency, and more resource-efficient.

To validate this claim, we present three research contributions that directly leverage these traits. First, we address security with Santa by exploiting the intrinsic traits of statelessness and resilience. Santa is a language-agnostic system where we automatically generate fine-grained system call policies by observing stable runtime behavior via extended Berkeley Packet Filter (eBPF), thereby shrinking our attack surface. Second, we extend our Santa security model with Polygraph, showing that the simplicity of microservices and their stable behavioral patterns are well suited to high-precision anomaly detection. Here, we use Hidden Markov Models to detect novel threats as statistical deviations with minimal false positives. Third, we address performance and efficiency with Calligator by harnessing the emergent trait of traceable request flows. With Calligator, we apply critical path analysis to distributed traces. By modeling request execution as a dependency graph, we identify true bottlenecks, enable what-if latency prediction, and guide our resource allocation.