Research field: Software Development
Conference: 2024 8th Cyber Security in Networking Conference (CSNet)
Access Control List (ACL) management in complex, distributed network environments poses significant challenges for organizations relying on heterogeneous infrastructures. This paper proposes a novel architecture leveraging Infrastructure as Code principles, containerization, and Kubernetes orchestration to automate and streamline ACL management at scale. Our solution incorporates a CI/CD pipeline for ACL generation, utilizing Capirca for platform-agnostic policy definition and Docker for consistent packaging. A Kubernetes Deployment Controller manages the safe rollout of ACLs across diverse network devices, employing a phased approach with canary deployments. A Drift Detection Controller ensures continuous compliance by monitoring and rectifying unauthorized changes. The architecture integrates with external systems like NetBox for efficient device inventory management. By automating the entire ACL lifecycle, our approach significantly reduces manual errors, enhances security posture, and improves operational efficiency. Performance evaluation reveals strong scalability, with optimization opportunities for large-scale deployments. This work contributes to the evolving field of network security automation, offering a framework for managing network security policies in modern, complex infrastructures.
| Publication year | 2024 |
|---|---|
| Citations | 102 |
| Publishing country | |
| Site | IEEE |
| Likes | 0 |