Configuring K8s security boundaries
Security boundaries
- The hypervisor is the security boundary for a VM.
- The container is the security boundary for a containerized workload.
The hypervisor boundary is stronger: containers share the host kernel, so an attacker can bypass the container boundary through the kernel layer.
- Traditionally, the firewall is the security boundary in the network.
- In K8s, NetworkPolicy (netpol) is the security boundary in the network.
- Read/write access is the security boundary in the data layer.
- In K8s, chroot is the security boundary in the data layer.
Definitions
A security domain is a set of entities that share the same access level.
A security boundary is the point of demarcation between different security domains.
Trusted zones and their components
1. Internet: kubectl, application clients
2. API server: kube-apiserver
3. Master node components: kube-controller-manager, cloud-controller-manager
4. Master node database: etcd
5. Worker node: kubelet, kube-proxy
6. Container: container runtime
Security domains
1. K8s master components: kube-apiserver, etcd, kube-controller-manager, DNS server, kube-scheduler
2. K8s worker components: kubelet, kube-proxy
3. K8s objects:
K8s objects and components, and their boundaries
1. Container: cgroups, namespaces, AppArmor profile, seccomp profile
2. Pod: the above, plus network and IPC namespaces, SecurityContext, NetworkPolicy, PodSecurityPolicy (PSP)
3. Node: nodeSelectors, kernel, optionally a hypervisor, host hardening with AppArmor and SELinux
4. Cluster:
5. Namespace: LimitRanger admission controller, NetworkPolicy
6. The K8s API Server
Threat actors and their boundaries
1. End user: nodes, pods, kube-apiserver, firewall
2. Internal attacker: NetworkPolicy and RBAC
3. Privileged attacker: only the kube-apiserver
Security boundary in the system layer: use PodSecurityPolicy (PSP)
1. Host namespaces (NS)
- HostNetwork
- HostIPC
- HostPID
- shareProcessNamespace
2. Linux capabilities (see https://man7.org/linux/man-pages/man7/capabilities.7.html)
Default capabilities granted to a container:
- CAP_SETPCAP
- CAP_MKNOD
- CAP_AUDIT_WRITE
- CAP_CHOWN
- CAP_NET_RAW
- CAP_DAC_OVERRIDE
- CAP_FOWNER
- CAP_FSETID
- CAP_KILL
- CAP_SETGID
- CAP_SETUID
- CAP_NET_BIND_SERVICE
- CAP_SYS_CHROOT
- CAP_SETFCAP
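As an added example (not part of the original notes), a small stdlib-only checker that applies the two system-layer boundaries listed above to a pod manifest: it flags the host-namespace switches and any capability added beyond the default set, and reports whether CAP_NET_RAW is still in the container's effective set. The manifest is a constructed sample in JSON form (a pod YAML is JSON-compatible); container and image names are hypothetical.

```python
import json

# Pod-level switches that share a host namespace with the pod (the PSP list above).
HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostIPC", "hostPID", "shareProcessNamespace")

# Capabilities a container receives by default (the list above).
DEFAULT_CAPS = {
    "CAP_SETPCAP", "CAP_MKNOD", "CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_NET_RAW",
    "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_SETGID",
    "CAP_SETUID", "CAP_NET_BIND_SERVICE", "CAP_SYS_CHROOT", "CAP_SETFCAP",
}

def _norm(cap):
    """Kubernetes accepts 'SYS_ADMIN' or 'CAP_SYS_ADMIN'; compare on one form."""
    cap = cap.upper()
    return cap if cap == "ALL" or cap.startswith("CAP_") else "CAP_" + cap

def find_boundary_violations(pod):
    """Return one finding per setting that weakens the system-layer boundary."""
    spec = pod.get("spec", {})
    findings = [f"pod: {f}=true" for f in HOST_NAMESPACE_FIELDS if spec.get(f)]
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{c['name']}: privileged=true")
        caps = sc.get("capabilities") or {}
        added = {_norm(x) for x in caps.get("add", [])}
        dropped = {_norm(x) for x in caps.get("drop", [])}
        for cap in sorted(added - DEFAULT_CAPS):
            findings.append(f"{c['name']}: adds non-default capability {cap}")
        # Effective set: defaults minus dropped ('ALL' clears them), plus added.
        effective = (set() if "ALL" in dropped else DEFAULT_CAPS - dropped) | added
        if "CAP_NET_RAW" in effective:  # default capability; drop it unless needed
            findings.append(f"{c['name']}: keeps CAP_NET_RAW")
    return findings

# Constructed sample manifest (JSON form of a pod YAML), not from a real cluster.
SAMPLE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
 "spec": {"hostPID": true,
  "containers": [
   {"name": "app", "image": "example/app:1.0",
    "securityContext": {"capabilities": {"add": ["NET_ADMIN", "SYS_ADMIN"]}}},
   {"name": "sidecar", "image": "example/sidecar:1.0",
    "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}}
""")

if __name__ == "__main__":
    for finding in find_boundary_violations(SAMPLE_POD):
        print(finding)
```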
Security boundary in the network layer: NetworkPolicy (netpol)