Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications
Nanzi Yang, Wenbo Shen, Jinku Li, Xunqi Liu, Xin Guo, Jianfeng Ma
Abstract
As the dominant container orchestration system, Kubernetes is widely used by many companies and cloud vendors. It runs third-party add-ons and applications (termed third-party apps) on its control plane to manage the whole cluster. The security of these third-party apps is critical to the whole cluster but has not been systematically studied so far.
Topics & Concepts
Third partyOrchestrationComputer scienceCluster (spacecraft)Computer securityContainer (type theory)Cloud computingAccess controlOperating systemInternet privacyEngineeringMechanical engineeringArtVisual artsMusicalAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionSecurity and Verification in Computing