Abstract
Kubernetes (K8s) is one of the best options available to deploy applications in large-scale infrastructures. Security has been a big concern for all practitioners in the K8s eco-system. Almost all cloud vendors have their security solution for K8s cluster, pods, workloads, etc. In recent years, a large number of open-source tools and projects related to K8s security have emerged to meet the increased demand for enhanced security in these systems. Following this general need and trend, we propose a new design for automatic K8s cluster AppArmor profile generation. Our design is based on a most recent work of automatic AppArmor policy generator for Docker containers called Lic-Sec. The system collects the behavioral data of application containers in all worker nodes distributively, then centrally transforms the data to AppArmor policies for each application container, and enforces the policies without interrupting the service. We present a prototype of the system using Google K8s environment and with an AppArmor profile for a WordPress personal blog. We show that the security policies generated by the system can defend one typical kind of attack which targets all WordPress's XML-RPC interface.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
