SARIK - a framework for automating security in Kubernetes orchestration environments

  • Jonathan G. P. dos Santos UnB
  • Geraldo P. Rocha Filho UnB
  • Vinícius P. Gonçalves UnB

Abstract


This paper demonstrates SARIK, a framework that automates the configuration of iptables rules in Kubernetes orchestration environments. SARIK was written in shell script, using the Microsoft Visual Studio IDE as the development tool; shell was chosen because it is present on the majority of cloud platforms, so the framework runs without installing any dependencies. The framework provides fast protection of the node layer by automatically setting firewall rules for any number of pods (pods are the smallest and most basic objects deployable on Kubernetes) contained in a cluster. SARIK inspects each node, records its ports, and blocks or opens them, closing the ports that can pose a risk to the containers; protecting the containers is therefore a task performed by SARIK rather than by the developer. The operation of SARIK was evaluated in a controlled environment using minikube and a voting application composed of a deployment, a namespace, and services. With SARIK, developers reduce their manual work, since the iptables rules are generated automatically, and the protection of the node layer is thereby guaranteed.
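As an added illustration of the per-node inspection the abstract describes (example code written for this page, not SARIK's own script), the snippet below parses a constructed `ss -lntuH` listing, keeps only the sockets reachable from the network, and prints the iptables ACCEPT/DROP commands for an assumed allowlist instead of applying them:

```shell
#!/bin/sh
# Constructed sample of `ss -lntuH` output captured on one node (the column layout
# Netid State Recv-Q Send-Q Local:Port Peer:Port is assumed; the values are made up).
SAMPLE_SS='tcp LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
tcp LISTEN 0 4096 [::]:10250     [::]:*
tcp LISTEN 0 4096 127.0.0.1:10248 0.0.0.0:*
tcp LISTEN 0 128  0.0.0.0:6379    0.0.0.0:*
udp UNCONN 0 0    0.0.0.0:53      0.0.0.0:*'

# Assumed allowlist: "proto:port" pairs that must stay reachable on every node
# (SSH for administration, kubelet for the control plane).
ALLOWED="tcp:22 tcp:10250"

# list_exposed: print "proto port" for each socket bound to a non-loopback
# address; loopback-only services are not reachable from the network anyway.
list_exposed() {
  printf '%s\n' "$1" | awk '{
    n = split($5, a, ":"); port = a[n]
    addr = substr($5, 1, length($5) - length(port) - 1)
    if (addr != "127.0.0.1" && addr != "[::1]") print $1, port
  }'
}

# gen_rules: emit one iptables INPUT rule per exposed port. The commands are
# printed, not executed, so they can be reviewed before being applied on a node.
gen_rules() {
  list_exposed "$1" | while read -r proto port; do
    case " $ALLOWED " in
      *" $proto:$port "*) echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT" ;;
      *)                  echo "iptables -A INPUT -p $proto --dport $port -j DROP" ;;
    esac
  done
}

gen_rules "$SAMPLE_SS"
```

On a real node the listing would come from `ss -lntuH` itself, and the printed rules should be reviewed (in particular that SSH and the kubelet port remain reachable) before they are loaded.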

Published: 2022-05-23

SANTOS, Jonathan G. P. dos; ROCHA FILHO, Geraldo P.; GONÇALVES, Vinícius P. SARIK - framework para automatizar a segurança em ambientes de orquestração kubernetes. In: DEMO SESSION - BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 40., 2022, Fortaleza/CE. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 57-64. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc_estendido.2022.223438.