Publication

Proteção de dados, gestão de identidade e deteção de incidentes em clusters kubernetes (Data protection, identity management and incident detection in Kubernetes clusters)

datacite.subject.fos: Engenharia e Tecnologia (Engineering and Technology)
datacite.subject.sdg: 09: Indústria, Inovação e Infraestruturas (SDG 9: Industry, Innovation and Infrastructure)
dc.contributor.advisor: Leite, Jorge Manuel Canelhas Pinto
dc.contributor.author: Correia, Luís Miguel Seixas
dc.date.accessioned: 2025-09-15T14:47:15Z
dc.date.available: 2025-09-15T14:47:15Z
dc.date.issued: 2025-07-30
dc.description.abstract [por, translated]: Kubernetes is a technology with growing adoption, and as such the need to guarantee its security is an essential concern for the administrators of these infrastructures. In the specific case of bare-metal installations the security concern is central, since the features provided by cloud vendors are not available. Hence the importance of an integrated security solution that covers data encryption, access control and incident detection. A systematic literature review was carried out, investigating encryption techniques for the etcd database as well as authentication and access control practices. In the area of incident detection and response, a set of tools with different functions was investigated, assessing their potential role in a holistic security solution. Based on this knowledge, a solution was implemented that addresses incident detection by combining several tools, offering an integrated view of the security posture of a Kubernetes environment. The solution was tested by simulating intrusion activities and evaluating whether the events are detected and reported centrally. These tests demonstrated the effectiveness of the proposed solution in detecting incidents.
dc.description.abstract [eng]: Kubernetes is a technology with increasing adoption, and the need to guarantee its security is of utmost concern for the administrators of these infrastructures. In the specific case of bare-metal environments security is all the more critical, because the managed features usually present in cloud environments are absent. It is therefore important to have an integrated security solution that covers data encryption, access control and incident detection. A systematic literature review was carried out, investigating encryption techniques for the etcd database as well as authentication and access control practices. Within the scope of incident detection and response, a set of tools with different functions was investigated, studying their potential role in a holistic security solution. Systematising the acquired knowledge made it possible to identify limitations and opportunities for integration, in order to build an integrated solution that meets the security requirements of these environments. Following this process, an architecture for the solution was proposed, built from several of the tools investigated during the literature review, and detailing how the information they generate can be integrated. For incident detection, the architecture combines several tools that detect vulnerabilities, misconfigurations and suspicious runtime activity: kube-score, Tetragon, Trivy and Kubernetes-native audit policies. These are integrated by collecting the metrics and logs they expose: metrics are scraped by Prometheus, a metrics database, and logs by fluent-bit, a log collector that aggregates log entries and ships them to Elasticsearch, the database used for storing logs. This information can then be consulted centrally in Grafana, the chosen visualization tool. For access and admission control, Kubernetes RBAC policies and OPA Gatekeeper were the chosen technologies.
Authentication is architecturally delegated to an external component, Google SSO, which allows centralized enterprise identity management. The encryption of data stored in etcd was also addressed, adopting the Kubernetes KMS v2 encryption provider with HashiCorp Vault as the external KMS. With the architecture defined, it was implemented, focusing heavily on the incident detection components and their integration. The chosen tools were configured according to the proposed requirements and objectives, resulting in a proof of concept that was then tested. These tests generally consisted of simulating potential intrusions and evaluating whether they were detected. For the encryption of Secrets the tests were entirely positive: secret values are no longer stored in cleartext in etcd, but encrypted under a set of keys managed by the external KMS. The static analysis tool kube-score proved effective at detecting misconfigurations in Kubernetes manifests, catching most of the expected conditions as well as additional ones. Tetragon also detected all of the expected events, but produced a large number of false positives. Finally, Trivy correctly reported vulnerabilities in an example container image, as well as the results of compliance checks against the cluster.
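The abstract reports that, after enabling KMS v2 with an external KMS, Secret values were verified to be encrypted rather than stored in cleartext in etcd. The following is an added example of how such a check can be automated; it is not code from the thesis or from Kubernetes. It classifies raw etcd values by the at-rest prefix the API server writes (`k8s\x00` protobuf envelope for unencrypted objects, `k8s:enc:<provider>:v<N>:<name>:` for encrypted ones) and flags objects that are still in cleartext, still in an older format, or encrypted under a different provider than expected. The provider name `vault-kms`, the etcd keys and the byte values are all constructed for the example.

```python
"""Verify that Secrets stored in etcd are encrypted, and by which provider.

Added example, not code from the thesis or from Kubernetes itself. It assumes
the raw values were dumped with
    etcdctl get --prefix --print-value-only /registry/secrets/
and that the KMS v2 provider in the API server's EncryptionConfiguration is
named "vault-kms" (an assumed name; use whatever resources[].providers[].kms.name
says in your own configuration).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# How the API server writes objects to etcd:
#   identity (no encryption): protobuf envelope starting with the magic bytes b"k8s\x00"
#   aescbc / aesgcm / secretbox: b"k8s:enc:<provider>:v1:<key name>:" + ciphertext
#   kms v1:                      b"k8s:enc:kms:v1:<provider name>:" + ciphertext
#   kms v2:                      b"k8s:enc:kms:v2:<provider name>:" + ciphertext
PROTOBUF_MAGIC = b"k8s\x00"
ENC_PREFIX = re.compile(rb"^k8s:enc:(aescbc|aesgcm|secretbox|kms):v([12]):([^:]+):")


@dataclass(frozen=True)
class StorageFormat:
    provider: str    # "identity", "aescbc", "aesgcm", "secretbox" or "kms"
    version: int     # 0 for identity
    name: str        # key / provider name from EncryptionConfiguration; "" for identity
    encrypted: bool


def classify(raw: bytes) -> StorageFormat:
    """Identify the at-rest format of one etcd value by its prefix."""
    m = ENC_PREFIX.match(raw)
    if m:
        provider, version, name = m.group(1).decode(), int(m.group(2)), m.group(3).decode()
        return StorageFormat(provider, version, name, True)
    if raw.startswith(PROTOBUF_MAGIC) or raw.lstrip().startswith(b"{"):
        # protobuf envelope or JSON: either way the object is stored in cleartext
        return StorageFormat("identity", 0, "", False)
    raise ValueError("unrecognised etcd value format")


def audit(values: dict[str, bytes], expected_name: str,
          known_plaintexts: tuple[bytes, ...] = ()) -> dict[str, list[str]]:
    """Return findings per etcd key; an empty list means the object looks as expected.

    known_plaintexts lets you search the raw bytes for secret values you know the
    cluster holds (e.g. a test Secret you created): .data is stored as raw bytes
    inside the protobuf, so an unencrypted object exposes them directly.
    """
    findings: dict[str, list[str]] = {}
    for key, raw in values.items():
        problems: list[str] = []
        fmt = classify(raw)
        if not fmt.encrypted:
            problems.append("stored in cleartext (identity provider)")
        elif not (fmt.provider == "kms" and fmt.version == 2):
            # Typical after switching providers: changing EncryptionConfiguration only
            # affects new writes; existing objects keep their old format until rewritten
            # (kubectl get secrets -A -o json | kubectl replace -f -).
            problems.append(f"encrypted with {fmt.provider} v{fmt.version} '{fmt.name}', not kms v2")
        elif fmt.name != expected_name:
            problems.append(f"kms v2 provider '{fmt.name}' is not the expected '{expected_name}'")
        for secret in known_plaintexts:
            if secret in raw:
                problems.append(f"known secret value {secret!r} visible in etcd")
        findings[key] = problems
    return findings


# Constructed sample values standing in for an etcdctl dump (not real cluster data).
# The ciphertext bytes are arbitrary; the "legacy" entry is a rough sketch of the
# protobuf layout of a v1 Secret with the value "hunter2" stored in cleartext.
SAMPLE_VALUES: dict[str, bytes] = {
    "/registry/secrets/default/db-creds":
        b"k8s:enc:kms:v2:vault-kms:" + bytes.fromhex("3fa1c0e97b12d4e89901aa5f0cde77458812ba340f0e1d2c"),
    "/registry/secrets/default/legacy":
        b"k8s\x00\n\x0f\n\x02v1\x12\x06Secret\x12\x1b\n\x08password\x12\x07hunter2",
    "/registry/secrets/kube-system/old-key":
        b"k8s:enc:aescbc:v1:key1:" + bytes.fromhex("c4d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8"),
}


if __name__ == "__main__":
    for key, problems in audit(SAMPLE_VALUES, "vault-kms", (b"hunter2",)).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{key}: {status}")
```

Run it against a real dump by replacing `SAMPLE_VALUES` with the output of `etcdctl get --prefix /registry/secrets/` (key and value pairs). The "not kms v2" finding is the one to watch after a migration: the API server only rewrites objects on write, so every pre-existing Secret must be re-saved before the cleartext or old-provider copies disappear from etcd.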
dc.identifier.tid: 204000025
dc.identifier.uri: http://hdl.handle.net/10400.22/30457
dc.language.iso: por
dc.rights.uri: N/A
dc.subject: Kubernetes
dc.subject: security
dc.subject: RBAC
dc.subject: MFA
dc.subject: threat detection
dc.subject: Segurança (Security)
dc.subject: Deteção de ameaças (Threat detection)
dc.title [por]: Proteção de dados, gestão de identidade e deteção de incidentes em clusters kubernetes
dc.title.alternative [eng]: Data protection, identity management and incident detection in kubernetes clusters
dc.type: Master thesis
dspace.entity.type: Publication
thesis.degree.name: Mestrado em Engenharia Informática (Master's degree in Informatics Engineering)

Files

Original bundle
Name: Tese_5773.pdf
Size: 7.14 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 4.03 KB
Format: Item-specific license agreed upon to submission