Enhancing Security in Communication Applications Deployed on Kubernetes: Best Practices and Service Mesh Analysis
School of Science (Perustieteiden korkeakoulu) | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for your own personal use. Commercial use is prohibited.
Security and Cloud Computing
Master’s Programme in Security and Cloud Computing (SECCLO)
Abstract

This thesis explores the security challenges faced by cloud-native telecom applications in the context of 5G technology and Kubernetes. The growing isolation between components and the adoption of microservices architecture in cloud-native infrastructure heighten the need for robust security measures. Leveraging the MITRE attack matrix, this study identifies vulnerabilities and attack stages specific to Kubernetes, emphasizing the necessity of comprehensive security measures. Service meshes emerge as a promising solution for simplifying network management and enhancing security; the sidecar-free and sidecar models are compared to determine the more suitable approach. In our implementation, we use a sidecar-free service mesh, which offers enhanced observability and provides the required visibility into the cluster. This visibility-first approach is employed to establish security in Kubernetes: understanding the actual network traffic first, and then deriving effective security policies from it. Tools such as Kubesec and Kube-hunter are employed to evaluate cluster misconfigurations and compliance with benchmarks, significantly improving the security of communication applications in cloud-native environments. The thesis also proposes future research directions, including access control in cloud-native telecom systems, automated IAM integration, and dynamic authorization models tailored to telecom applications. By implementing these findings, telecom organizations can fortify the integrity, confidentiality, and resilience of their cloud-native infrastructure, effectively protecting critical services and adapting to evolving security challenges.
Thesis advisor: Reijonen, Joel
Keywords: kubernetes, security, service mesh, 5G, telecommunication