We educate for the future and create societal benefit through our research, which is brought to life in close collaboration with industry. We conduct research in computer science, computer engineering, software engineering and interaction design, from basic research to direct applications. The department has a strong international character and is shared between Chalmers and the University of Gothenburg.
We are engaged in research and education across the full spectrum of computer science, computer engineering, software engineering, and interaction design, from foundations to applications. We educate for the future, conduct research with high international visibility, and create societal benefits through close cooperation with businesses and industry. The department is joint between Chalmers and the University of Gothenburg.
(2022) Rönnbäck, Marcus; Åberg, Fredrik; Chalmers tekniska högskola / Institutionen för data och informationsteknik; Chalmers University of Technology / Department of Computer Science and Engineering; Gulisano, Vincenzo Massimiliano; Hassan, Ahmed Ali-Eldin
The increase in Kubernetes usage, and container usage in general, brings new challenges regarding security. Recent surveys show that container system misconfigurations are the most common cause of concern, faults and errors handled by system administrators. Common security guidelines exist that can help ensure that configurations are correct, but they typically involve manual policy enforcement, which can be tedious and time consuming. This process can be automated by employing a "policy-as-code" system that checks and evaluates the validity of given configurations. It is not clear to what extent common security guidelines can be enforced through policy-as-code. In this thesis, the questions we aim to answer are: To what extent are common security guidelines enforceable through policy-as-code? Does it have any limitations or cases that cannot be covered? Does the implementation of these policies affect performance? Are there any concrete known vulnerabilities that are mitigated by these policies? This is done through empirical studies and evaluations of security guidelines, and investigations of the extent to which they are enforceable. Our finding, using open-source Kubernetes security software, is that 33 out of 55 common security guidelines (60%) are enforceable through policy-as-code systems. The non-enforceable guidelines depend on external factors such as organizational structure and user permissions, which are hard to implement in a policy-as-code system with
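To make the distinction in the abstract concrete, here is an added example (not code from the thesis or from any of the evaluated tools) of a minimal policy-as-code checker: three hardening guidelines are decidable from a Pod manifest alone, while a fourth, which depends on who submits the manifest, is undecidable unless the requester's group membership is supplied. The policy ids, the sample manifest and the choice of the `system:masters` group as "cluster admin" are assumptions made for the example.

```python
from typing import Dict, List, Optional

def containers(pod: dict) -> List[dict]:
    """All containers in the Pod, init containers included."""
    spec = pod.get("spec", {})
    return spec.get("containers", []) + spec.get("initContainers", [])

def no_privileged(pod: dict) -> bool:
    """Guideline: no container runs with privileged: true."""
    return not any(c.get("securityContext", {}).get("privileged") for c in containers(pod))

def run_as_non_root(pod: dict) -> bool:
    """Guideline: every container runs as non-root (container setting overrides Pod setting)."""
    default = pod.get("spec", {}).get("securityContext", {}).get("runAsNonRoot")
    return all(c.get("securityContext", {}).get("runAsNonRoot", default) is True
               for c in containers(pod))

def no_host_namespaces(pod: dict) -> bool:
    """Guideline: the Pod shares no host PID, IPC or network namespace."""
    return not any(pod.get("spec", {}).get(k) for k in ("hostPID", "hostIPC", "hostNetwork"))

# Guidelines decidable from the manifest alone, as (id, check) pairs.
MANIFEST_POLICIES = [("no-privileged", no_privileged), ("run-as-non-root", run_as_non_root),
                     ("no-host-namespaces", no_host_namespaces)]

def privileged_only_for_admins(pod: dict, user_groups: Optional[List[str]]) -> Optional[bool]:
    """Guideline tied to user permissions: only cluster admins may create privileged Pods.
    Undecidable (None) from the manifest alone; decidable once the requester's groups
    are known, e.g. from an admission request (assumed here: admins are in system:masters)."""
    if no_privileged(pod):
        return True
    return None if user_groups is None else "system:masters" in user_groups

def evaluate(pod: dict, user_groups: Optional[List[str]] = None) -> Dict[str, Optional[bool]]:
    """Map each guideline id to True (pass), False (violation) or None (undecidable)."""
    results = {pid: check(pod) for pid, check in MANIFEST_POLICIES}
    results["privileged-only-for-admins"] = privileged_only_for_admins(pod, user_groups)
    return results

# Constructed sample manifest (not from the thesis): host PID shared, one privileged root container.
SAMPLE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"}, "spec": {
    "hostPID": True, "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app", "image": "example/app:1.0"},
                   {"name": "debug", "image": "example/debug:1.0",
                    "securityContext": {"privileged": True, "runAsNonRoot": False}}]}}

if __name__ == "__main__":
    for pid, verdict in evaluate(SAMPLE_POD).items():
        print(pid, {True: "pass", False: "FAIL", None: "undecidable"}[verdict])
```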