Log In
Or create an account -> 
Imperial Library
  • Home
  • About
  • News
  • Upload
  • Forum
  • Help
  • Login/SignUp

Index
Preface
About You About Us How To Use This Book Conventions Used in This Book Using Code Examples O’Reilly Online Learning How to Contact Us Acknowledgments
1. Introduction
Setting the Scene Starting to Threat Model
Threat Actors Your First Threat Model
Attack Trees Example Attack Trees Prior Art Conclusion
2. Pod-Level Resources
Defaults Threat Model Anatomy of the Attack
Remote Code Execution Network Attack Surface
Kubernetes Workloads: Apps in a Pod What’s a Pod? Understanding Containers
Sharing Network and Storage What’s the Worst That Could Happen? Container Breakout
Pod Configuration and Threats
Pod Header Reverse Uptime Labels Managed Fields Pod Namespace and Owner Environment Variables Container Images Pod Probes CPU and Memory Limits and Requests DNS Pod securityContext Pod Service Accounts Scheduler and Tolerations Pod Volume Definitions Pod Network Status
Using the securityContext Correctly
Enhancing the securityContext with Kubesec Hardened securityContext
Into the Eye of the Storm Conclusion
3. Container Runtime Isolation
Defaults Threat Model Containers, Virtual Machines, and Sandboxes
How Virtual Machines Work Benefits of Virtualization What’s Wrong with Containers? User Namespace Vulnerabilities
Sandboxing
gVisor Firecracker Kata Containers rust-vmm
Risks of Sandboxing Kubernetes Runtime Class Conclusion
4. Applications and Supply Chain
Defaults Threat Model The Supply Chain
Software Scanning for CVEs Ingesting Open Source Software Which Producers Do We Trust?
CNCF Security Technical Advisory Group
Architecting Containerized Apps for Resilience Detecting Trojans
Captain Hashjack Attacks a Supply Chain
Post-Compromise Persistence Risks to Your Systems
Container Image Build Supply Chains
Software Factories Blessed Image Factory Base Images
The State of Your Container Supply Chains
Third-Party Code Risk Software Bills of Materials Human Identity and GPG
Signing Builds and Metadata
Notary v1 sigstore in-toto and TUF GCP Binary Authorization Grafeas
Infrastructure Supply Chain
Operator Privileges Attacking Higher Up the Supply Chain
Types of Supply Chain Attack
Open Source Ingestion Application Vulnerability Throughout the SDLC
Defending Against SUNBURST Conclusion
5. Networking
Defaults
Intra-Pod Networking Inter-Pod Traffic Pod-to-Worker Node Traffic Cluster-External Traffic The State of the ARP No securityContext No Workload Identity No Encryption on the Wire
Threat Model Traffic Flow Control
The Setup Network Policies to the Rescue!
Service Meshes
Concept Options and Uptake Case Study: mTLS with Linkerd
eBPF
Concept Options and Uptake Case Study: Attaching a Probe to a Go Program
Conclusion
6. Storage
Defaults Threat Model Volumes and Datastores
Everything Is a Stream of Bytes What’s a Filesystem? Container Volumes and Mounts OverlayFS tmpfs Volume Mount Breaks Container Isolation The /proc/self/exe CVE
Sensitive Information at Rest
Mounted Secrets Attacking Mounted Secrets
Storage Concepts
Container Storage Interface Projected Volumes Attacking Volumes The Dangers of Host Mounts Other Secrets and Exfiltraing from Datastores
Conclusion
7. Hard Multitenancy
Defaults Threat Model Namespaced Resources
Node Pools Node Taints
Soft Multitenancy Hard Multitenancy
Hostile Tenants Sandboxing and Policy Public Cloud Multitenancy
Control Plane
API Server and etcd Scheduler and Controller Manager
Data Plane Cluster Isolation Architecture Cluster Support Services and Tooling Environments Security Monitoring and Visibility Conclusion
8. Policy
Types of Policies Defaults
Network Traffic Limiting Resource Allocations Resource Quotas Runtime Policies Access Control Policies
Threat Model Common Expectations
Breakglass Scenario Auditing
Authentication and Authorization
Human Users Workload Identity
Role-Based Access Control (RBAC)
RBAC Recap A Simple RBAC Example Authoring RBAC Analyzing and Visualizing RBAC RBAC-Related Attacks
Generic Policy Engines
Open Policy Agent Kyverno Other Policy Offerings
Conclusion
9. Intrusion Detection
Defaults Threat Model Traditional IDS eBPF-Based IDS
Kubernetes and Container Intrusion Detection Falco
Machine Learning Approaches to IDS Container Forensics Honeypots Auditing Detection Evasion Security Operations Centers Conclusion
10. Organizations
The Weakest Link Cloud Providers
Shared Responsibility Account Hygiene Grouping People and Resources Other Considerations
On-Premises Environments Common Considerations
Threat Model Explosion How SLOs Can Put Additional Pressure on You Social Engineering Privacy and Regulatory Concerns
Conclusion
A. A Pod-Level Attack
Filesystem tmpfs Host Mounts
Hostile Containers Runtime
B. Resources
General
References Books
Further Reading by Chapter
Intro Pods Supply Chains Networking Policy
Notable CVEs
Index
  • ← Prev
  • Back
  • Next →
  • ← Prev
  • Back
  • Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion