REST security framework for event streaming bus architecture

Bibliographic details
Published in: International journal of information technology (Singapore. Online) 2024-06, Vol.16 (5), p.3033-3047
Main authors: Singh, Jaimandeep, Chaudhary, Naveen Kumar
Format: Article
Language: eng
Description
Summary: Businesses are confronted with a massive influx of real-time data originating from various sources such as application logs, website clickstreams, financial transactions, and IoTs telemetry data. This real-time data is processed and ingested at massive scales by event streaming and processing platforms. These platforms enable various heterogeneous applications to interact as producers and consumers of the data. However, this interaction poses a security risk as a single malicious application has the potential to impact confidentiality, integrity and availability of the data stream and the underlying platform. The existing security mechanisms are platform dependent, challenging to manage and keep up-to-date with the constantly evolving threat landscape. In this paper, we present a novel REST based security framework (RSF) that is independent of the underlying event streaming platform, establishes a security boundary that prevents external applications from directly interacting with the core system unless they meet certain security requirements, is easy to manage and scalable to address the emerging security challenges. We use Kafka as the base event streaming platform, being one of the most widely used in the industry, for developing and validating our RSF architecture. We also discuss the threat matrix of RSF to mitigate common threats and vulnerabilities. We deploy a prototype of the proposed RSF on an AWS EC2 instance and conduct a benchmark analysis using load testing tools to evaluate its performance on various parameters. The load testing is performed with varying numbers of users, ranging from a few hundred to over a thousand. The results demonstrate that RSF outperforms traditional Python-based Kafka client libraries significantly when the number of users increases. Specifically, the response time improves by 64.35% for 1K users when using RSF.
ISSN: 2511-2104, 2511-2112
DOI: 10.1007/s41870-024-01836-8