Enhancing Security in Communication Applications Deployed on Kubernetes: Best Practices and Service Mesh Analysis

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Date
2023-08-21
Department
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
61
Series
Abstract
This thesis explores the security challenges faced by cloud-native telecom applications in the context of 5G technology and Kubernetes. The increasing isolation and adoption of microservices architecture in cloud-native infrastructure heighten the need for robust security measures. Leveraging the MITRE attack matrix, this study identifies unique vulnerabilities and attack stages specific to Kubernetes, emphasizing the necessity of comprehensive security measures. Service meshes emerge as a promising solution for simplifying network management and enhancing security, with a comparison between the sidecar-free and sidecar models to determine the optimal approach. In our implementation, we utilize a sidecar-free service mesh, which offers enhanced observability, providing the required visibility. This visibility-first approach is employed to establish security in Kubernetes, enabling a better understanding of network traffic and aiding in the development of effective security policies. Tools like Kubesec and Kube-hunter are employed to evaluate cluster misconfigurations and compliance with benchmarks, significantly improving the security of communication applications in cloud-native environments. The thesis also proposes future research directions, including access control in cloud-native telecom systems, automated IAM integration, and dynamic authorization models tailored to telecom applications. By implementing these findings, telecom organizations can fortify the integrity, confidentiality, and resilience of their cloud-native infrastructure, effectively protecting critical services and adapting to evolving security challenges.
Description
Supervisor
Aura, Tuomas
Thesis advisor
Reijonen, Joel
Keywords
kubernetes, security, service mesh, 5G, telecommunication
Other note
Citation