Luca Nobili
Towards a query-driven approach for the verification of Kubernetes configuration.
Rel. Fulvio Valenza, Daniele Bringhenti, Riccardo Sisto. Politecnico di Torino, Master of science program in Cybersecurity, 2025
PDF (Tesi_di_laurea)
- Thesis
Licence: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
Securing production Kubernetes clusters is a critical and increasingly complex task. The decentralized and fragmented nature of security policies, such as Role-Based Access Control (RBAC) and NetworkPolicy resources, creates a significant semantic gap between high-level security requirements and the low-level reality of the cluster configuration. Manual verification is cognitively demanding, error-prone, and does not scale, while existing automated tools are often siloed within a single domain, leaving blind spots at the intersection of authorization and network reachability. To bridge this gap, this thesis introduces a query-based verification approach that assesses cross-domain security properties, specifically across RBAC and NetworkPolicy, through a unified cluster model.
This methodology is built upon three core components
