Title: Dynamic security model for container orchestration platform
Authors: Kulathunga, R.G.K.P.
Issue Date: 11-Aug-2021
Abstract: With the development of science and technology, people and organizations use widely distributed software applications and huge databases to carry out their tasks. Those applications and databases connect to and store sensitive, personal details belonging to the domain they address. A security system is therefore all the more important in these situations. When a third-party user accesses the applications or databases, the security system plays a major role in verifying that the access is secure. When the security and privacy of application data are considered, the Intrusion Detection System (IDS) comes into play: a device or software application that monitors a network or system for malicious activity or policy violations. Currently, the IDS is deployed in the container orchestration platform as a centralized component that monitors all traffic entering the system. This existing method has several problems. It relies on a central point to enforce the whole security posture, and if the IDS goes down, the security of the entire application is affected; in other words, it is a single point of failure. Moreover, the centralized mechanism can degrade the performance of the IDS: it forces every rule set defined for every application type to be executed against all traffic, regardless of the specific type an application belongs to, which consumes more processing power and decreases performance. In addition, a centralized IDS can only monitor traffic as it enters the system and cannot monitor the traffic moving into the namespaces. If a namespace is compromised, this approach cannot address it. So this approach monitors only one place in the traffic flow and cannot detect malicious events occurring at different places at the same time.
This research focuses on introducing a new decentralized model for deploying an IDS in a microservice application for performance improvements. The solution can define separate rule sets for each namespace dynamically, and each IDS instance is responsible only for monitoring the applications belonging to its own namespace. Because Kubernetes is one of the most widely adopted container orchestration platforms for running containers such as Docker, the Kubernetes container orchestration platform was used for the experiment. In order to maintain an uninterrupted service, the Azure Kubernetes Cluster (AKS) was used. After deploying the sample containerized web application, Prometheus was used to record metrics in the CPU usage, memory usage and network latency categories. Grafana was then used to graph and visualize the results. According to the output, memory usage under the previous security model was 280MB, whereas under the new security model it is only up to 93MB; and CPU usage under the previous security model increased up to 6.0, whereas under the new security model it increases only up to 3.6. Thus the new security model shows a performance improvement over the old approaches.
URI: http://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4533
Appears in Collections: 2020

Files in This Item:
2017 MCS 047.pdf (2.31 MB, Adobe PDF)