This Is Auburn: Electronic Theses and Dissertations

Mitigation of Security Misconfigurations in Kubernetes-based Container Orchestration: A Techno-Educational Approach

Date

2024-07-28

Author

Shamim, Md Shazibul Islam

Type of Degree

PhD Dissertation

Department

Computer Science and Software Engineering

Abstract

Kubernetes has emerged as the preferred tool for implementing automated container orchestration, offering significant advantages for IT organizations. However, security misconfigurations can render Kubernetes-based software deployments vulnerable to attacks. The goal of this doctoral dissertation is to help practitioners secure their Kubernetes-based container-orchestration process by adopting a techno-educational approach. This PhD dissertation advances the science of Kubernetes misconfigurations by conducting three empirical studies. First, to assist practitioners in enhancing the security of their Kubernetes clusters, a qualitative analysis is conducted on 104 Internet artifacts, including blog posts, resulting in the identification of 11 Kubernetes security best practices. Second, to help practitioners secure container orchestration with Kubernetes, we conduct a systematic investigation of configuration parameters to identify those that need to be avoided in order to secure a Kubernetes-based deployment infrastructure. Our approach is informed by an understanding of the states associated with the pod lifecycle. Using our approach, we identify 6 attacks unique to Kubernetes that can be facilitated using combinations of 21 configuration parameters. Finally, we adopt an authentic learning-based exercise to provide students with practical, hands-on experience in addressing real-world challenges in Kubernetes security. We deploy our authentic learning-based exercise in 4 semesters among 246 students. We observe that 90.6% and 93.3% of students report that they learned about Kubernetes security misconfigurations and the automated configuration management tools, respectively. Furthermore, students report that the instructor’s academic, industry, and research backgrounds are useful for authentic learning exercises.