K8s Threat Modelling


Threat Modelling

1. Asset

2. Security control

3. Threat Actor

- End user

- Internal attacker: Malicious containers/pods 

- Privileged attacker: Infra admin, compromised API server, malicious node.

- Script kiddies

- Hacktivists

- Nation-state actors

4. Attack Surface

- End user: LB, Ingress, NodePort service

5. Threat

6. Mitigation


Threat Scenarios

● An External Attacker without access to the client application

● An External Attacker with valid access to the client application

● An Internal Attacker with access to cluster

● A Malicious Internal User


Threat Modelling Approach

1. STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Escalation of Privilege.

Focuses on what can go wrong with the system.

2. PASTA: Process for Attack Simulation and Threat Analysis

An attacker-centric approach to developing asset-centric mitigation strategies.

3. VAST: Visual, Agile, and Simple Threat


Trusted Zones

Zone: Components

1. Internet: kubectl, application clients

2. API Server: kube-apiserver

3. Master Node components: kube-controller-manager, cloud-controller-manager

4. Master Node database: etcd

5. Worker Node: kubelet, kube-proxy

6. Container: Container Runtime. 


Trust Zone connections

1. Internet -> API Server

2. Internet -> Container 

3. API Server -> Master node database

4. Master Node components -> API Server

5. API Server -> Worker Node

6. Worker node -> API Server

7. Worker Node -> Container
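
The connection list above can be read as a directed graph. The following added example (not part of the original post) walks that graph to show which zones are transitively reachable from a starting zone, which chains of connections lead to a given zone, and which connections terminate at a zone and therefore need a control on that boundary. Zone names and edges are copied from the lists above; the function names are illustrative.

```python
from collections import deque

# Trust zone connections exactly as listed on the page (source -> destination).
CONNECTIONS = [
    ("Internet", "API Server"),
    ("Internet", "Container"),
    ("API Server", "Master Node database"),
    ("Master Node components", "API Server"),
    ("API Server", "Worker Node"),
    ("Worker Node", "API Server"),
    ("Worker Node", "Container"),
]

def build_graph(connections):
    """Adjacency list keyed by zone; zones with no outbound edge map to []."""
    graph = {}
    for src, dst in connections:
        graph.setdefault(src, []).append(dst)
        graph.setdefault(dst, [])
    return graph

def reachable(graph, start):
    """Zones an actor starting in `start` can reach by chaining connections."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def paths(graph, src, dst, trail=None):
    """All loop-free chains of connections from src to dst."""
    trail = (trail or []) + [src]
    if src == dst:
        return [trail]
    found = []
    for nxt in graph[src]:
        if nxt not in trail:
            found.extend(paths(graph, nxt, dst, trail))
    return found

def inbound(connections, zone):
    """Sources of every connection ending in `zone` (boundaries to control)."""
    return sorted(src for src, dst in connections if dst == zone)

if __name__ == "__main__":
    g = build_graph(CONNECTIONS)
    print("Reachable from Internet:", sorted(reachable(g, "Internet")))
    for p in paths(g, "Internet", "Master Node database"):
        print(" -> ".join(p))
    print("Inbound to API Server:", inbound(CONNECTIONS, "API Server"))
```

With the page's edges, the only chain from the Internet to etcd runs through the API Server, so every control protecting the database from external actors sits on those two boundaries.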
