Yadav, Soham Deepak (2024) Optimizing Kubernetes Security through automated Policy Enforcement in Multi-Cloud Environment. Masters thesis, Dublin, National College of Ireland.
Abstract
The use of Kubernetes has become crucial for the management of containerized applications in cloud environments. Along with its advantages comes increased complexity due to its dynamic nature, which brings significant security challenges. Traditional security tools, namely AnchoreCLI, generate a higher rate of false positives, lack the ability to customize, and have a restricted ability to adapt to multi-cloud environments, leaving Kubernetes environments vulnerable to evolving threats.
This research proposes a novel approach that addresses these limitations by creating an automated security framework for Kubernetes. The framework consists of a custom-built security scanning agent, which performs active vulnerability detection by pulling data from the National Vulnerability Database (NVD).
In addition to the custom-built scanning agent, a dynamic and adaptive policy enforcement engine is also created. The policy engine automatically updates the policies based on the scanning results from the scanning agent, and applies Kubernetes configurations in real time. The crucial part of the framework is its seamless automation with the continuous integration and continuous deployment (CI/CD) pipeline. This automates the initialization of the security scanning agent and the policy enforcement engine at the appropriate stages during deployment to every environment. The pipeline ensures a secure deployment and minimizes manual work, leading to a low rate of human error. The result is a proactive solution to evolving security threats.
By combining real-time security scanning, adaptive policy enforcement, and seamless CI/CD automation of the process, the proposed framework provides a dynamic solution to Kubernetes security complications. The study demonstrates an automated, customizable, and adaptive approach to enhancing the security of Kubernetes clusters in multi-cloud environments.
Item Type: | Thesis (Masters) |
---|---|
Supervisors: | Mijumbi, Rashid (email: UNSPECIFIED) |
Uncontrolled Keywords: | Custom Security Scanning Agent; Adaptive Policy Enforcement; Kubernetes; Continuous Integration and Continuous Deployment (CI/CD); Azure; Google Cloud; National Vulnerability Database (NVD) |
Subjects: | Q Science > QA Mathematics > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Cloud computing; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security |
Divisions: | School of Computing > Master of Science in Cloud Computing |
Depositing User: | Ciara O'Brien |
Date Deposited: | 17 Jul 2025 13:22 |
Last Modified: | 17 Jul 2025 13:22 |
URI: | https://norma.ncirl.ie/id/eprint/8166 |