TPM 2.0-based attestation of a Kubernetes cluster

Chiara Piras

Supervisors: Antonio Lioy, Ignazio Pedone, Silvia Sisinni. Politecnico di Torino, Master's degree program in Ingegneria Informatica (Computer Engineering), 2022

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.


The increasing adoption of the Cloud Computing paradigm has made Kubernetes the de facto standard for most service providers. Kubernetes is an open-source orchestration platform for coordinating, managing and scaling containerized workloads and services that run in pods. A pod is a wrapper around one or more tightly coupled containers designed to collaborate on a common task. Since the pod is the smallest scheduling unit, verifying its integrity becomes necessary in order to react quickly to tampering, attacks, or unexpected executions on a cluster node. The importance of such verification stems from the end user's concern: security assurance cannot be taken for granted, because another Cloud tenant, an attacker, or even the Cloud provider itself can gain access to the nodes and pods running the user's applications. Moreover, the COVID-19 pandemic drastically changed how people live and work, further increasing the use of Cloud infrastructure and, consequently, the number of cyber attacks. The technique used to assess the trustworthiness of a physical node is called Remote Attestation, a process in which the assessment is delegated to an external (i.e. remote) entity commonly known as the verifier. Remote Attestation is well suited to validating the integrity of physical systems and is today a well-established technique. However, when the attention shifts to containers, and more generally to pods, the process still presents critical issues and open challenges. Several solutions have been proposed in recent years, but they are limited because they either rely on an outdated Trusted Platform Module version, such as DIVE and Container-IMA, or are specific to a single container runtime, such as the Docker Container Attestation.
This thesis presents a new solution that addresses precisely the continuous remote attestation of pods: the integrity of the underlying host and of each pod running on it is periodically checked and validated, regardless of the container runtime in use. The main result is the ability to rapidly detect unrecognized executions, intrusions, or tampering in a pod; whenever this happens, the pod is terminated and rescheduled as a fresh, uncompromised instance, without affecting the integrity of the whole node, hence without rebooting the system and while guaranteeing service continuity. Furthermore, the presented solution can be easily integrated into the Kubernetes control plane, which makes it a valuable starting point for future work. The solution proposes a Trusted Computing Group-compliant attestation framework that relies on the Trusted Platform Module 2.0 and uses a custom version of the Linux Integrity Measurement Architecture (IMA) module.

Supervisors: Antonio Lioy, Ignazio Pedone, Silvia Sisinni
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 116
Degree program: Master's degree program in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master of Science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/24507