SARIK: A proposed Framework for enhancing security in Kubernetes through network policies

Abstract


The increasing adoption of Kubernetes as a container orchestration platform brings benefits to the management of distributed applications but also poses security challenges, especially in controlling the traffic between components. This dissertation presents SARIK (Automatic Security of Iptables Rules in Kubernetes), a framework that automates network policies to enhance the security of Kubernetes clusters. The methodology integrates SARIK into kube-proxy so that blocking and traffic-control rules are applied dynamically. In a test environment with Minikube, Prometheus, and Grafana, metrics such as latency, response rate, and throughput were evaluated across different traffic scenarios. The results indicate that SARIK improves security by reducing network vulnerabilities while leaving the cluster's performance practically unchanged. The analysis indicates that SARIK represents an advance in automated security for Kubernetes, balancing protection and operational efficiency, with potential for future large-scale adaptation.
Keywords: Kubernetes, Network policies, Framework SARIK, Security
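As an added illustration of the policy-based blocking the abstract describes (example code written for this page, not the SARIK framework's own implementation; the `shop` namespace, the `app` labels and the flows are constructed), the following Python builds Kubernetes NetworkPolicy manifests and simulates the ingress semantics that make a default-deny baseline necessary: a pod selected by no policy accepts all traffic, while a selected pod only accepts flows matching at least one rule.

```python
API = "networking.k8s.io/v1"

def default_deny(namespace):
    """Select every pod in the namespace and allow nothing: the baseline,
    since a pod selected by no NetworkPolicy accepts all ingress traffic."""
    return {"apiVersion": API, "kind": "NetworkPolicy",
            "metadata": {"name": "default-deny", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}

def allow_ingress(namespace, name, to_labels, from_labels, port, protocol="TCP"):
    """One explicit allow: pods matching from_labels may reach to_labels on port."""
    return {"apiVersion": API, "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": namespace},
            "spec": {"podSelector": {"matchLabels": to_labels},
                     "policyTypes": ["Ingress"],
                     "ingress": [{"from": [{"podSelector": {"matchLabels": from_labels}}],
                                  "ports": [{"protocol": protocol, "port": port}]}]}}

def _selects(selector, labels):
    # An empty selector ({}) matches every pod, as in Kubernetes.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(policies, namespace, dst_labels, src_labels, port, protocol="TCP"):
    """Simulate ingress evaluation for a same-namespace pod-to-pod flow.
    Only podSelector peers are modelled (no namespaceSelector/ipBlock)."""
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == namespace
                 and "Ingress" in p["spec"]["policyTypes"]
                 and _selects(p["spec"]["podSelector"], dst_labels)]
    if not selecting:          # unselected pod: everything is allowed
        return True
    for p in selecting:        # selected pod: some rule of some policy must match
        for rule in p["spec"].get("ingress", []):
            peers_ok = not rule.get("from") or any(
                _selects(peer.get("podSelector", {}), src_labels) for peer in rule["from"])
            ports_ok = not rule.get("ports") or any(
                pp.get("protocol", "TCP") == protocol and pp.get("port") == port
                for pp in rule["ports"])
            if peers_ok and ports_ok:
                return True
    return False

def example_policies():
    """Constructed sample: default-deny plus a single allow for web -> api:8080."""
    return [default_deny("shop"),
            allow_ingress("shop", "allow-web-to-api", {"app": "api"}, {"app": "web"}, 8080)]
```

With only the allow policy and no default-deny, a pod carrying labels that no policy selects would still accept traffic from anywhere, which is why an automated policy generator must emit the deny-all baseline first.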

Published: 2025-05-19

DOS SANTOS, Jonathan G. P.; ROCHA FILHO, Geraldo P.; GONÇALVES, Vinícius P. SARIK: A proposed Framework for enhancing security in Kubernetes through network policies. In: DISSERTATION DIGEST - BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 43, 2025, Natal/RN. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 172-181. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc_estendido.2025.6879.