Intelligent Service Mesh Framework for API
Security and Management
Fatima Hussain
Royal Bank of Canada
Toronto, Canada
fatima.hussain@rbc.com
Owen Li Weiyue
Royal Bank of Canada
Toronto, Canada
owen.li@rbc.com
Brett Noye
Royal Bank of Canada
Toronto, Canada
brett.noye@rbc.com
Salah Sharieh
Royal Bank of Canada
Toronto, Canada
salah.sharieh@rbc.com
Alexander Ferworn
Department of Computer Science
Ryerson University
Toronto, Canada
aferworn@ryerson.ca
Abstract—With the advancements in enterprise-level business
development, the demand for new applications and services is
overwhelming. For the development and delivery of such applications
and services, enterprise businesses rely on Application
Programming Interfaces (APIs). API management and classification
are cumbersome tasks given the rapid increase in the
number of APIs and of API-to-API calls. API mashups, domain
APIs and API service meshes are a few recommended techniques
for easing API creation, management and monitoring. In an API
service mesh the data plane (the per-service proxies that carry the traffic)
and the control plane (which configures and monitors them) are separated,
improving efficiency as well as security. In this paper, we propose
and implement a security framework for the creation of a secure
API service mesh using Istio and Kubernetes. We then
propose a smart association model for automatically associating
new APIs with already existing categories in the service mesh. To the
best of our knowledge, this smart association model is the first
of its kind.
Index Terms—API Security, Service Mesh, Machine Learning
enabled Security
I. INTRODUCTION
Application Programming Interfaces (APIs) are the current
technological wave in web applications, and they are changing
the face of business as well as collaborative enterprise trends
and strategies. However, it is very difficult for developers as
well as organizations to cope with the constantly growing
number of APIs, and to develop strategies for managing
evolving API landscapes. Today, organizations are supporting
and developing an API culture that allows them to decentralize
the development and testing workload while at the same time
maximizing their design and development investments.
API service meshes and domain APIs are recommended for
sharing API information and performing aggregation in order to support
and publish new generations of Web applications. A service
mesh is a dedicated infrastructure layer that manages, secures and observes
service-to-service (API-to-API) communication, typically through a proxy
deployed beside each service and configured by a central control plane. It is
closely related to the earlier idea of API mashups, which create new web
applications by combining and utilizing existing data and Web APIs; a few
well-known mashup platforms were IBM's QEDWiki, Google
Mashup Editor, Yahoo Pipes and Microsoft's Popfly. A service
mesh performs many functions, including:
• traffic monitoring: metrics, tracing (ingress and egress) and
logs
• access control: a pluggable policy layer and rate control
• automatic load balancing
• security: authentication and authorization, among other
functions
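To make the security functions in the list above concrete, the following is an added example of Istio policy objects for a hypothetical workload; it is not part of the paper and not the authors' framework. The workload name `payments-api`, the namespace `apis`, the calling service account `checkout`, and the identity-provider issuer and JWKS URL are all assumptions. The first PeerAuthentication shows the weak setting for contrast only; apply the STRICT one.

```yaml
# Added example, not from the paper. Istio resources that implement
# authentication (workload mTLS + end-user JWT) and authorization for a
# hypothetical "payments-api" in namespace "apis". All names and URLs are
# assumptions.
---
# WEAK SETTING (shown for contrast, do not apply): PERMISSIVE accepts both
# plaintext and mTLS, so any pod on the cluster network, sidecar or not, can
# call the API unencrypted and without a verifiable workload identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: weak-permissive-example
  namespace: apis
spec:
  mtls:
    mode: PERMISSIVE
---
# CORRECTED SETTING: STRICT requires mutual TLS on every inbound connection to
# workloads in the namespace. The caller's SPIFFE identity
# (spiffe://cluster.local/ns/<ns>/sa/<serviceaccount>) then becomes available
# to the authorization layer below.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: apis
spec:
  mtls:
    mode: STRICT
---
# End-user authentication: the sidecar validates JWTs against the (assumed)
# enterprise identity provider. Note: this only rejects INVALID tokens; a
# request carrying no token at all still passes, which is why the
# AuthorizationPolicy below also requires a requestPrincipal.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: payments-jwt
  namespace: apis
spec:
  selector:
    matchLabels:
      app: payments-api            # assumption: the workload's label
  jwtRules:
  - issuer: "https://idp.example.com"                          # assumption
    jwksUri: "https://idp.example.com/.well-known/jwks.json"   # assumption
    forwardOriginalToken: true     # let the application see the token too
---
# Deny by default: an AuthorizationPolicy with an empty spec is an ALLOW policy
# that matches nothing, so every request in the namespace is rejected unless a
# more specific ALLOW rule matches.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: apis
spec: {}
---
# Authorization: only the checkout workload (identity proven by mTLS) carrying
# a valid JWT from the assumed issuer may call the listed payment operations.
# Both conditions inside one "source" must hold; any other path, method,
# caller or missing token is rejected by the deny-all policy above.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-api-allow
  namespace: apis
spec:
  selector:
    matchLabels:
      app: payments-api
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/apis/sa/checkout"]   # workload identity from mTLS
        requestPrincipals: ["https://idp.example.com/*"]   # "<issuer>/<subject>" from the validated JWT
    to:
    - operation:
        methods: ["POST"]
        paths: ["/v1/payments", "/v1/payments/*"]
```

A practical check after applying the STRICT and authorization objects is to call the service from a pod that has no sidecar (plaintext), from the `checkout` service account without a bearer token, and from a different service account with a valid token; only the call that satisfies both the workload principal and the request principal should succeed, the others should be reset or answered with 403. Keeping the deny-all policy in place means that a newly added API in the namespace is unreachable until an explicit rule is written for it, which is the behaviour a default-deny design wants.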
1) Related Work: Service mesh is a new concept and the
academic literature on it is still evolving; most of the available work
complements existing commercial solutions.
This existing work is summarized in [1], in which the authors
present various challenges associated with the implementation
of service meshes along with future research opportunities.
[2] discusses the transition and technical activities for smoothly
switching from the conventional software architecture style to a
microservice architecture (also known as microservitization).
The authors present a systematic mapping study and
consolidate various views and approaches for transitioning to
microservices, with special focus on microservice granularity
and modelling approaches. In [3], the authors discuss and
argue that there is a fundamental mismatch between software systems and
self-adaptation services. They argue that the basic hindrance
to systematic reuse of existing self-adaptation solutions is the
lack of descriptions of adaptation needs and of the architectural
models and adaptation mechanisms supported by existing self-adaptation
services and/or frameworks. They also identify
various patterns for adding self-adaptation capabilities to
existing systems.
The authors of [4] present the software prototype of rsi-Hub
for IoT networks. The authors use this tool-set for dynamic
resource slicing of network functions and cloud services
for IoT cloud applications. They present various
techniques for resource provisioning with provider coordination
and demonstrate techniques for deploying appropriate
services and artifacts for the entire life-cycle of resource
978-1-7281-2530-5/19/$31.00 ©2019 Crown