STRIDE threat modeling on Kubernetes pt.3/6: Repudiation

Hi all, this is the third part of this little series about STRIDE threat modeling on Kubernetes. Previously we talked about Tampering; today we talk about Repudiation. Repudiation is the ability to cast doubt on something that happened. What typically happens is that the attacker aims to deny the authorship of their actions. Generally the opposite, and thus the desired goal, is proving the What, When, Where, Why, Who and How of certain actions....

February 23, 2020 · 6 min

STRIDE threat modeling on Kubernetes pt.2/6: Tampering

In the previous post of this little series we talked about preventing spoofing on Kubernetes. Today we’ll talk about the T of STRIDE: Tampering. Tampering is the act of changing something in a malicious way, to gain extra privileges or for denial of service. Generally, to prevent tampering it is important to: limit the access to critical components; control the access to critical components. Furthermore, it’s important to watch for evidence of tampering....

February 11, 2020 · 3 min

STRIDE threat modeling on Kubernetes pt.1/6: Spoofing

Coming from the power of open source and Borg, Kubernetes is a very flexible ecosystem. The extensibility of the APIs alone, as with CRDs, opens up a vast range of opportunities to build architectures upon it (see the SIG’s Cluster API, the AWS EKS and Fargate combinations, etc.). At the same time it can be complex to manage, and everyone - or almost everyone - knows that it is not enough to get applications working; as part of the administration it is vital to secure your cluster, and with it your application and your data, to get the job done....

February 3, 2020 · 3 min