Network Security Policies for Containers in Cloud Applications
School of Science
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
2024-01-22
Major/Subject
Security and Cloud Computing
Mcode
SCI3084
Degree programme
Master’s Programme in Computer, Communication and Information Sciences
Language
en
Pages
59 + 7
Abstract
This thesis delves into implementing network security policies within the application namespace of a Kubernetes cluster. As containerization and reliance on cloud environments continue to grow, robust network security becomes increasingly crucial. This research investigates the utilization of a specific port scanning tool in a Kubernetes cluster and utilizes a Container Network Interface (CNI) plugin to enforce network policies derived from the tool’s scanning results. The study offers an in-depth background on containerization, cloud applications, Kubernetes, and network security. Through a literature review, it highlights previous studies and approaches in the field, identifying existing challenges and gaps. The problem statement defines the necessity for an effective solution to enhance network security policies within containerized cloud environments. To address this, a test environment comprising a Kubernetes cluster and the chosen port scanning tool is established. The selected CNI plugin enforces network policies generated by the tool based on port scanning outcomes. The proposed solution undergoes evaluation and validation via experiments and analysis. This study contributes to the expanding knowledge base on network security in containerized cloud applications. Organizations can fortify their network security policies by employing the port scanning tool and CNI plugin, thereby reducing potential risks in their cloud-based environments. While applicable to various Kubernetes clusters, its primary focus remains the implementation and optimization of security measures within the MXIE, Nokia’s Kubernetes cluster tailored for Edge ecosystems. The insights derived from this research provide valuable guidance and practical implications for practitioners and researchers involved in cloud security and containerization domains.
Supervisor
Aura, Tuomas
Thesis advisor
Peylo, Martin
Keywords
container security, network policies, kubernetes, container network interface, cloud computing