Mytilinakis, 2020 - Google Patents
Attack methods and defenses on KubernetesMytilinakis, 2020
View PDF- Document ID
- 2971656265025927508
- Author
- Mytilinakis P
- Publication year
External Links
Snippet
The increasing rate of adoption of containers and container orchestration in cloud computing and on premise arises a number of questions about their security. Kubernetes combined with Docker is by far the most frequently adopted solution for implementing containerized …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yu et al. | A survey on security issues in services communication of Microservices‐enabled fog applications | |
| Lal et al. | NFV: Security threats and best practices | |
| Alyas et al. | Container performance and vulnerability management for container security using docker engine | |
| Kumar et al. | Exploring security issues and solutions in cloud computing services–a survey | |
| Chandramouli et al. | Security assurance requirements for linux application container deployments | |
| Mytilinakis | Attack methods and defenses on Kubernetes | |
| Sood | Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks | |
| Tripathi | Attacking and defending kubernetes | |
| Rahalkar | Certified Ethical Hacker (CEH) Foundation Guide | |
| Saxena | Container image security with trivy and istio inter-service secure communication in kubernetes | |
| Budigiri et al. | Zero-cost in-depth enforcement of network policies for low-latency cloud-native systems | |
| Zhang et al. | Security in network functions virtualization | |
| Binkowski et al. | Securing 3rd party app integration in docker-based cloud software ecosystems | |
| Kim et al. | Security consideration of each layers in a cloud-native environment | |
| Revuelta Martinez | Study of Security Issues in Kubernetes (K8s) Architectures; Tradeoffs and Opportunities | |
| Adam et al. | Partially Trusting the Service Mesh Control Plane | |
| US20210064776A1 (en) | Secure Data Processing In A Third-Party Cloud Environment | |
| Udayakumar | Design and deploy security for infrastructure, data, and applications | |
| Giangiulio et al. | Testing the Security of a Kubernetes Cluster in a Production Environment | |
| Faynberg et al. | NFV security: Emerging technologies and standards | |
| Halinen | Security Risks for Sidecar Containers in Kubernetes | |
| Morfonios | Kubernetes cybersecurity | |
| Budigiri et al. | Elastic Cross-Layer Orchestration of Network Policies in the Kubernetes Stack | |
| Rangta | Tools for Security Auditing and Hardening in Microservices Architecture | |
| Pidlubnyi | Increasing Security and Reducing Risks Running Services in a Potential Containerized Environment While Meeting Regulatory Standards |