Enhancing Security in Communication Applications Deployed on Kubernetes: Best Practices and Service Mesh Analysis

Perustieteiden korkeakoulu | Master's thesis

Date

2023-08-21

Major/Subject

Security and Cloud Computing

Mcode

SCI3113

Degree programme

Master’s Programme in Security and Cloud Computing (SECCLO)

Language

en

Pages

61

Abstract

This thesis explores the security challenges faced by cloud-native telecom applications in the context of 5G technology and Kubernetes. The increasing isolation and adoption of microservices architecture in cloud-native infrastructure heighten the need for robust security measures. Leveraging the MITRE attack matrix, this study identifies unique vulnerabilities and attack stages specific to Kubernetes, emphasizing the necessity of comprehensive security measures. Service meshes emerge as a promising solution for simplifying network management and enhancing security, with a comparison between the sidecar-free and sidecar models to determine the optimal approach. In our implementation, we utilize a sidecar-free service mesh, which offers enhanced observability, providing the required visibility. This visibility-first approach is employed to establish security in Kubernetes, enabling a better understanding of network traffic and aiding in the development of effective security policies. Tools like Kubesec and Kube-hunter are employed to evaluate cluster misconfigurations and compliance with benchmarks, significantly improving the security of communication applications in cloud-native environments. The thesis also proposes future research directions, including access control in cloud-native telecom systems, automated IAM integration, and dynamic authorization models tailored to telecom applications. By implementing these findings, telecom organizations can fortify the integrity, confidentiality, and resilience of their cloud-native infrastructure, effectively protecting critical services and adapting to evolving security challenges.

Supervisor

Aura, Tuomas

Thesis advisor

Reijonen, Joel

Keywords

kubernetes, security, service mesh, 5G, telecommunication
