STRIDE threat modeling on Kubernetes pt.2/6: Tampering

In the previous post of this little series we talked about preventing spoofing on Kubernetes. Today we’ll talk about the T of STRIDE: Tampering. Tampering is the act of changing something in a malicious way, to gain extra privileges or for denial of service. Generally for preventing tampering is important to: limit the access to critical components; control the access to critical components; Furthermore, it’s important to watch for evidence of tampering....

February 11, 2020 · 3 min

STRIDE threat modeling on Kubernetes pt.1/6: Spoofing

As it comes from the power of the open source and Borg, Kubernetes is an ecosystem very flexible. Only the extensibility of the APIs as for the CRDs opens the world to a vastity of opportunities to build architectures upon it (see the SIG’s Cluster API, the AWS EKS and Fargate combinations, etc.). At the same time can be complex to manage, and everyone - or almost everyone - knows that is not enough to get applications working; as part of the administration it is vital to secure your cluster and so your application with your data to get the job done....

February 3, 2020 · 3 min