XI Commandments of Kubernetes Security: A Systematization of Knowledge Related to Kubernetes Security Practices

XI Commandments of Kubernetes Security: A Systematization of Knowledge Related to Kubernetes Security Practices

연구 분야: Software Development

학회: 2020 IEEE Secure Development (SecDev)

Kubernetes is an open-source software for automat- ing management of computerized services. Organizations, such as IBM, Capital One and Adidas use Kubernetes to deploy and manage their containers, and have reported benefits related to deployment frequency. Despite reported benefits, Kubernetes deployments are susceptible to security vulnerabilities, such as those that occurred at Tesla in 2018. A systematization of Kubernetes security practices can help practitioners mitigate vulnerabilities in their Kubernetes deployments. The goal of this paper is to help practitioners in securing their Kubernetes installations through a systematization of knowledge related to Kubernetes security practices. We systematize knowledge by applying qualitative analysis on 104 Internet artifacts. We identify 11 security practices that include (i) implementation of role-based access control (RBAC) authorization to provide least privilege, (ii) applying security patches to keep Kubernetes updated, and (iii) implementing pod and network specific security policies.