Authors: Yuval Avrahami, Shaul Ben Hai
2022-05-18

tldr - powered by Generative AI

The presentation discusses the need to address powerful permissions in Kubernetes clusters and provides solutions to identify and mitigate them.
  • Multi-tenancy does not make it more likely that a container escape amounts to cluster admin, but it does make container escapes themselves more likely, because some tenants may be malicious.
  • The least-privilege paradigm needs more attention, and it is feasible to reach a point where most nodes in the cluster do not host powerful privileges.
  • The presentation introduces rbac-police, an open-source tool that retrieves the permissions of pods, service accounts, and nodes in a Kubernetes cluster and evaluates them against policies written in Rego.
  • The presentation emphasizes the importance of researching and documenting Kubernetes security issues to address vague areas in Kubernetes security.