K8s Pro Sentinel: Extend Secret Security in Kubernetes Cluster
- URL: http://arxiv.org/abs/2411.16639v1
- Date: Mon, 25 Nov 2024 18:15:37 GMT
- Title: K8s Pro Sentinel: Extend Secret Security in Kubernetes Cluster
- Authors: Kavindu Gunathilake, Indrajith Ekanayake
- Abstract summary: This research introduces K8s Pro Sentinel, an operator that automates the configuration of encryption and access control for Secret Objects.
The performance and reliability of the Sentinel operator were evaluated using Red Hat Operator Scorecard and chaos engineering practices.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Microservice architecture is widely adopted among distributed systems. It follows the modular approach that decomposes large software applications into independent services. Kubernetes has become the standard tool for managing these microservices. It stores sensitive information like database passwords, API keys, and access tokens as Secret Objects. There are security mechanisms employed to safeguard these confidential data, such as encryption, Role Based Access Control (RBAC), and the least privilege principle. However, manually configuring these measures is time-consuming, requires specialized knowledge, and is prone to human error, thereby increasing the risks of misconfiguration. This research introduces K8s Pro Sentinel, an operator that automates the configuration of encryption and access control for Secret Objects by extending the Kubernetes API server. This automation reduces human error and enhances security within clusters. The performance and reliability of the Sentinel operator were evaluated using Red Hat Operator Scorecard and chaos engineering practices.
Related papers
- Privacy-preserving server-supported decryption [2.2530496464901106]
We consider encryption systems with two-out-of-two threshold decryption, where one of the parties initiates the decryption and the other one assists.
Existing threshold decryption schemes disclose to the server the ciphertext that is being decrypted.
We give a construction, where the identity of the ciphertext is not leaked to the server, and the client's privacy is preserved.
arXiv Detail & Related papers (2024-10-25T06:47:53Z)
- CCA-Secure Key-Aggregate Proxy Re-Encryption for Secure Cloud Storage [1.4610685586329806]
Data protection in cloud storage is the key to the survival of the cloud industry.
Proxy Re-Encryption schemes enable users to convert their ciphertext into others' ciphertext by using a re-encryption key.
Recently, we lowered the key storage cost of C-PREs to constant size and proposed the first Key-Aggregate Proxy Re-Encryption scheme.
arXiv Detail & Related papers (2024-10-10T17:02:49Z)
- ASPIRER: Bypassing System Prompts With Permutation-based Backdoors in LLMs [17.853862145962292]
We introduce a novel backdoor attack that systematically bypasses system prompts.
Our method achieves an attack success rate (ASR) of up to 99.50% while maintaining a clean accuracy (CACC) of 98.58%.
arXiv Detail & Related papers (2024-10-05T02:58:20Z)
- Implementation of New Security Features in CMSWEB Kubernetes Cluster at CERN [1.6804702845109005]
We discuss new security features introduced to the CMSWEB ("k8s") cluster.
The new features include the implementation of network policies, deployment of Open Policy Agent (OPA), enforcement of OPA policies, and the integration of Vault.
arXiv Detail & Related papers (2024-05-24T08:22:22Z)
- EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection [53.25863925815954]
Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data.
While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated.
We propose the Embedding Inspector (EmInspector) that detects malicious clients by inspecting the embedding space of local models.
arXiv Detail & Related papers (2024-05-21T06:14:49Z)
- CodeChameleon: Personalized Encryption Framework for Jailbreaking Large Language Models [49.60006012946767]
We propose CodeChameleon, a novel jailbreak framework based on personalized encryption tactics.
We conduct extensive experiments on 7 Large Language Models, achieving state-of-the-art average Attack Success Rate (ASR).
Remarkably, our method achieves an 86.6% ASR on GPT-4-1106.
arXiv Detail & Related papers (2024-02-26T16:35:59Z)
- Instructional Fingerprinting of Large Language Models [57.72356846657551]
We present a pilot study on fingerprinting Large language models (LLMs) as a form of very lightweight instruction tuning.
Results on 11 popularly-used LLMs showed that this approach is lightweight and does not affect the normal behavior of the model.
It also prevents publisher overclaim, maintains robustness against fingerprint guessing and parameter-efficient training, and supports multi-stage fingerprinting akin to MIT License.
arXiv Detail & Related papers (2024-01-21T09:51:45Z)
- SOCI^+: An Enhanced Toolkit for Secure Outsourced Computation on Integers [50.608828039206365]
We propose SOCI+ which significantly improves the performance of SOCI.
SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive.
Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead.
arXiv Detail & Related papers (2023-09-27T05:19:32Z)
- Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators [4.605674633999923]
We show how logic locking can be used to compromise the security of a neural accelerator it protects.
Specifically, we show how the deterministic errors caused by incorrect keys can be harnessed to produce neural-trojan-style backdoors.
arXiv Detail & Related papers (2023-04-12T17:55:34Z)
- Pre-trained Encoders in Self-Supervised Learning Improve Secure and Privacy-preserving Supervised Learning [63.45532264721498]
Self-supervised learning is an emerging technique to pre-train encoders using unlabeled data.
We perform the first systematic, principled measurement study to understand whether and when a pretrained encoder can address the limitations of secure or privacy-preserving supervised learning algorithms.
arXiv Detail & Related papers (2022-12-06T21:35:35Z)
- Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.