쿠버네티스의 컨테이너 네트워크 환경에 대한 보안성 분석

Acknowledgement

이 논문은 2024년도 정부(과학기술정보통신부)의 재원으로 한국연구재단의 지원을 받아 수행된 연구임. (RS-2023-00212738)

References

1. "Kubernetes" [Internet], https://kubernetes.io/
2. "CNI" [Internet], [https://www.cni.dev/
3. B. Kim and S.S Lee, "Analysis of Network Security Policy Enforcement in Container Environments," Journal of The Korea Institute of Information Security and Cryptology, vol. 33, no. 6, pp. 961-973, 2023. https://doi.org/10.13089/JKIISC.2023.33.6.961
4. Lee. H, Kwon, S., J.H. LEE "Experimental Analysis of Security Attacks for Docker Container Communications. Electronics" 2023, 12, 940.
5. K. Suo, Y. Zhao, W. Chen and J. Rao, "An Analysis and Empirical Study of Container Networks," IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, Honolulu, HI, USA, 2018, pp. 189-197,.
6. "Project Calico" [Internet], https://docs.tigrea.io
7. "Cilium - Cloud Native, eBPF-basedNetworking, Observability, Security" [Internet], https://docs.cilium.io
8. "How to build a service mesh with Istio and Calico" [Internet], https://www.tigera.io/blog/how-to-build-a-service-mesh-with-istioand-calico/
9. "Enable and enforce application layer policies" [Internet], https://docs.tigera.io/calico-cloud/network-policy/application-layerpolicies/alp
10. Jaehyun Nam and Seungsoo Lee and Hyunmin Seo and Phil Porras and Vinod Yegneswaran and Seungwon Shin, "BASTION: A Security Enforcement Network Stack for Container Networks", 2020 USENIX Annual Technical Conference (USENIX ATC 20), 81-95, 2020
11. "Calico Policy metrics" [Internet], https://docs.tigera.io/calicocloud/operations/monitor/metrics/policy-metrics
12. "Monitor Calico with Prometheus and Grafana Cloud" [Internet], https://grafana.com/docs/grafana-cloud/send-data/metrics/metrics-prometheus/prometheus-config-examples/project-calico-calico/
13. "Kubernetes Calico" [Internet], https://grafana.com/grafana/dashboards/3244-calico/
14. "Cilium Hubble Series (Part 2): Hubble for the Enterprise" [Internet], https://isovalent.com/blog/post/cilium-hubble-enterprise-part-2/.
15. "Using RBAC Authorization" [Internet], https://kubernetes.io/docs/reference/access-authn-authz/rbac/
16. "How to Secure Kubernets Using Cloud SIEM?" [Internet], https://www.sumologickorea.com/blog/how-to-secure-kubernetes-using-cloud-siem/