DOI: 10.1007/978-3-031-46235-1_11
Article

Adaptive Controller to Identify Misconfigurations and Optimize the Performance of Kubernetes Clusters and IoT Edge Devices

Published: 24 October 2023

Abstract

Kubernetes default configurations do not always provide optimal security and performance for all deployed clusters and IoT edge devices; they affect the scalability of a given workload and, if misconfigured, leave these systems vulnerable to security breaches and information leakage. We present an adaptive controller that identifies the type of misconfiguration and its consequent threat in order to optimize system behavior. Our work differs from existing approaches in that it is fully automated and can diagnose various errors on the fly. The controller is evaluated in terms of quality and accuracy of identification. The results show that the controller can identify around 90% of the total number of configuration values with a reasonable average identification overhead.


Cited By

  • (2024) Multi-objective optimization of virtual machine migration among cloud data centers. Soft Computing - A Fusion of Foundations, Methodologies and Applications 28:20 (12043-12060). DOI: 10.1007/s00500-024-09950-2. Online publication date: 1-Oct-2024

Published In

Service-Oriented and Cloud Computing: 10th IFIP WG 6.12 European Conference, ESOCC 2023, Larnaca, Cyprus, October 24–25, 2023, Proceedings
Oct 2023
294 pages
ISBN:978-3-031-46234-4
DOI:10.1007/978-3-031-46235-1
  • Editors:
  • George A. Papadopoulos,
  • Florian Rademacher,
  • Jacopo Soldani

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Misconfiguration
  2. Threats
  3. Identification
  4. IoTs
  5. Clusters
  6. Markov Processes
  7. Security
  8. Performance

Qualifiers

  • Article
