Ubuntu 3

The document discusses the security challenges of running Kubernetes at the edge and introduces MicroK8s and strict confinement as a solution. MicroK8s is a lightweight Kubernetes distribution designed for IoT devices that provides security, simplicity and robustness. Strict confinement further isolates MicroK8s and its workloads, limiting access to only necessary resources and reducing the attack surface.

What’s more, delivering updates to a fleet of devices is easier said than done.
Automated OTA updates go a long way towards simplifying the process, but it is
rarely possible to have full control over devices in the field. For instance, a user
might have their device turned off for several weeks, preventing it from receiving
updates. When that machine is turned back on, there may be a brief window in
which it is operating without the latest security fixes.

These issues are further compounded with the introduction of Kubernetes.

Kubernetes complexity increases at the edge


Kubernetes is an open source container orchestration system. It is invaluable for
distributing process management across numerous machines, enabling users to
automate deployment, upgrades, and maintenance of containerised applications
at scale.

Within data centres and on clouds, Kubernetes has been the industry-standard
container orchestration platform for several years. Indeed, the latest Canonical
Cloud Native Operations survey found that 43.1% of respondents ran applications
either partially or exclusively on Kubernetes, with a further 29.9% evaluating or
planning Kubernetes deployment.2

More recently, the quest to bring computing closer to users and data sources
has seen Kubernetes come to the edge as well. According to the Cloud Native
Computing Foundation’s 2021 survey, edge developers are the largest user
segment for both containers and Kubernetes, with Kubernetes used by 63% of
developers working on edge computing applications in the last 12 months.3

Kubernetes is a natural fit for IoT since it offers a way to simplify deployment and
management across a vast fleet of devices, empowering developers to focus on
their applications rather than the underlying infrastructure. That being said, when
Kubernetes was created, it was not designed to run at the edge. As a result, using
Kubernetes on an IoT device poses significant risks.

Kubernetes is a highly dynamic platform that supports many applications across
a wide variety of use cases. Often, these applications interact with host machines
in ways that are not fully secure when transposed to the edge. For instance,
Kubernetes makes certain assumptions about what it can touch on the file system,
and how it can interact with network interface and storage devices. While these
assumptions would not ordinarily be an issue, they can compromise security in an
IoT context.

Combining these complications with device mutability and the sheer scope of
what Kubernetes enables at the edge creates a large attack surface that is almost
impossible to fully police.

2 https://juju.is/cloud-native-kubernetes-usage-report-2022#container-and-kubernetes-usage
3 https://www.cncf.io/wp-content/uploads/2021/12/Q1-2021-State-of-Cloud-Native-development-FINAL.pdf

Growing attention from bad actors
To make matters worse, the number and severity of security threats at the edge
are growing rapidly.

In the past, malicious actors have focused more on finding and exploiting
vulnerabilities on servers, laptops, and workstations than on IoT devices. But with
embedded devices becoming more important, prolific, and mass produced, security
researchers and hackers are increasingly turning their attention to the edge.

Cybersecurity leader Kaspersky reports that its honeypots – imitating vulnerable
IoT devices – were attacked approximately 1.5 billion times in the first six months
of 2021. That figure is more than double the 639 million attacks seen in the back
half of 2020.4 As edge computing continues to mature, the rise in vulnerabilities
and hacking attempts will only accelerate.

Hardware integrity
While the security of IoT software is essential, it is also important to consider
the integrity of the edge hardware itself. As devices trend towards increased
computing power and reduced energy consumption, hardware security does not
always keep up, adding a further layer of risk.

Unlike data centre hardware, IoT devices in the field can be physically accessed by
malicious actors. As such, everything from low-level mainboard components to
debugging interfaces and buses are viable targets, creating an assortment of new
security challenges.

Solution: strict confinement with MicroK8s and Ubuntu Core

Despite all these challenges, there are solutions available that minimise the risks
involved in running Kubernetes at the edge.

What is MicroK8s?
MicroK8s is a lightweight, CNCF-certified, pure upstream Kubernetes distribution
designed not only for clouds and workstations, but also for IoT devices. Created
by Canonical, the company behind Ubuntu, MicroK8s is delivered as a snap – a
containerised software package that bundles Kubernetes together with all of its
dependencies.

Optimised for security, simplicity, and robustness, MicroK8s can be deployed
anywhere with a single command, offering the easiest path to enjoying the full
Kubernetes experience at the edge. Additionally, the low footprint of MicroK8s
makes it ideal for smaller, resource-constrained IoT devices. The distribution’s
low touch, minimal ops design aligns with IoT use cases where direct human
intervention with devices in the field is impossible.

From a security perspective, MicroK8s includes self-healing, high-availability,
and automated OTA updates. These updates are fully transactional and roll back
on failure.

4 https://www.iottechnews.com/news/2021/sep/07/kaspersky-attacks-on-iot-devices-double-in-a-year/

Most importantly, being a snap, MicroK8s is isolated from underlying systems,
limiting its access to other system services and resources on an IoT device. To truly
address edge security concerns, MicroK8s version 1.25 takes this concept a step
further with strict confinement.

What is strict confinement?

Strict confinement is a snap confinement level that provides complete isolation up
to a minimal access level that is always deemed safe. With strict confinement
enabled, the system ensures that MicroK8s and its container workloads can only
access files, system resources, and hardware for which access has been granted.

By restricting Kubernetes to the absolutely necessary permissions, strict
confinement eliminates vulnerable interactions both within the host device and
externally, greatly reducing the attack surface. And if MicroK8s were to be hacked,
strict confinement would prevent it from compromising the rest of the device.

With strict confinement, users can run sophisticated and otherwise high-risk IoT
workloads in a safe way. The ability to layer applications together in a hardened
environment without risk of device-wide intrusion enables a variety of
unprecedented use cases, empowering businesses to operate at the edge in entirely
new ways.

What are snaps?

Snaps are a secure and scalable way to embed applications on Linux devices. A snap
is a software package containing one or more applications or services that are
containerised with all their dependencies, which can be installed using a single
command. With snaps, software updates are automatic and resilient. Applications
run fully isolated in their own sandbox, thus minimising security risks.

Snaps are hosted in the global Snap Store, an application repository hosted and
managed by Canonical, and are free for anyone to download. While strict
confinement requires the use of Ubuntu, snaps can be installed on any Linux
distribution with snap support enabled.

How does strict confinement work?

To determine their permissions, strictly confined snaps rely on resource access
requests known as interfaces. Interfaces are carefully chosen by a snap’s creator
to provide specific access to a resource according to that snap’s requirements. For
instance, interfaces can provide access to cameras or serial ports.

Confinement and permissions are enforced by the Linux kernel security module
AppArmor, alongside other Linux security features. When strictly confined
MicroK8s is installed, its metadata is examined and used to derive AppArmor
profiles, seccomp filters, device cgroup rules, and traditional permissions.
Together, these ensure total isolation for the Kubernetes runtime.
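Because a strictly confined snap only holds the privileges its connected interfaces grant, the practical least-privilege check on a device is to compare the interfaces actually connected against the set the workload's role requires. The following is an added example, not code from the whitepaper or from Canonical: it parses the table printed by `snap connections <snap>` (a real snapd command) and reports connected plugs that fall outside an operator-supplied allowlist, plugs that were connected manually, and expected plugs that are missing. The `sensorhub` snap name, its plug set, and the sample output are constructed for illustration and are not MicroK8s's real interface list.

```python
"""Audit the interfaces a strictly confined snap actually holds.

Parses `snap connections <snap>` output (Interface / Plug / Slot / Notes
columns; a Slot of "-" means the plug is declared but not connected) and
compares connected plugs against an allowlist for the device's role.
"""
from dataclasses import dataclass
import subprocess

# Constructed sample output for a hypothetical "sensorhub" snap.
# The interface names are real snapd interfaces; the set is illustrative.
SAMPLE_SNAP_CONNECTIONS = """\
Interface          Plug                        Slot                  Notes
camera             sensorhub:camera            -                     -
hardware-observe   sensorhub:hardware-observe  :hardware-observe     -
home               sensorhub:home              :home                 manual
network            sensorhub:network           :network              -
network-bind       sensorhub:network-bind      :network-bind         -
serial-port        sensorhub:serial-port       -                     -
"""


@dataclass(frozen=True)
class Connection:
    interface: str
    plug: str
    slot: str
    notes: str

    @property
    def connected(self) -> bool:
        # snapd prints "-" in the Slot column for an unconnected plug.
        return self.slot != "-"


def parse_connections(text: str) -> list[Connection]:
    """Turn the whitespace-aligned table into Connection records."""
    rows: list[Connection] = []
    lines = [line for line in text.splitlines() if line.strip()]
    for line in lines[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"unexpected row in snap connections output: {line!r}")
        rows.append(Connection(*fields))
    return rows


def audit(rows: list[Connection], expected: set[str]) -> dict[str, list[str]]:
    """Compare connected interfaces with the allowlist for this device role.

    unexpected: connected but not in the allowlist (privilege to review)
    missing:    in the allowlist but not connected (workload will be denied)
    manual:     connected by hand rather than auto-connected by policy
    """
    connected = {r.interface for r in rows if r.connected}
    return {
        "unexpected": sorted(connected - expected),
        "missing": sorted(expected - connected),
        "manual": sorted(r.interface for r in rows
                         if r.connected and "manual" in r.notes),
    }


def live_connections(snap: str) -> list[Connection]:
    """Run `snap connections <snap>` on the device and parse the result."""
    out = subprocess.run(["snap", "connections", snap],
                         check=True, capture_output=True, text=True).stdout
    return parse_connections(out)


if __name__ == "__main__":
    # Allowlist for a hypothetical sensor-hub role: it needs networking and
    # hardware enumeration, but nothing granting access to user home data.
    role_allowlist = {"network", "network-bind", "hardware-observe"}
    report = audit(parse_connections(SAMPLE_SNAP_CONNECTIONS), role_allowlist)
    for key, names in report.items():
        print(f"{key:10s} {', '.join(names) or '(none)'}")
```

Run against a live device by replacing the sample with `live_connections("microk8s")`; an interface listed under `unexpected` is one the snap can currently use even though the role does not call for it, and is a candidate for `snap disconnect`.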

Naturally, some applications require access to critical system resources in order
to function, and so need to be exempt from confinement. To support these use
cases, MicroK8s features an addon system with verified and tested applications
that will run under strict confinement. Canonical is working to continuously
improve this ecosystem to provide support for all common use cases.

Perhaps the most important consequence of strict confinement being added to
MicroK8s is that it can now be used with Ubuntu Core.

What is Ubuntu Core?

Ubuntu Core is a lean, embedded version of Ubuntu created for the edge.
The main goal of Ubuntu Core is to secure the next generation of IoT devices,
and it achieves this through containerisation. Ubuntu Core itself and all
applications deployed on it are packaged as strictly confined snaps.

This snap-based paradigm takes the benefits of strict confinement detailed above
and proliferates them throughout the entire device. All applications are fully
isolated from each other and can only interact with the system through interfaces.
This approach is inherently secure and perfect for IoT devices.

Alongside application confinement, Ubuntu Core features transactional OTA
updates with self-healing, full disk encryption, secure boot, and an array of
additional capabilities that make the operating system ultra-secure straight out
of the box. Canonical supports Ubuntu Core long-term, delivering kernel patches
and bug fixes continuously for 10 years. Each Ubuntu Core version is based on a
corresponding LTS release of Ubuntu.

Because all applications running on Ubuntu Core must be strictly confined, it was
not previously possible to pair it with MicroK8s. Now, Ubuntu Core and MicroK8s
can be combined for a seamless path to secure Kubernetes at scale, optimised for
size, performance, and usability at the edge.

Use cases for strict confinement

We have discussed the technologies, but how do they work in practice?
Let’s explore the use cases.

Smart home
Let’s examine a hypothetical application of MicroK8s in a smart home. In this smart
home, the fridge acts as a hub controlling multiple smart devices in the house.
That hub is running Ubuntu Core with MicroK8s.

The workloads on the hub communicate with sensors and other devices around
the house. Critically, these devices must not be influenced by outside updates that
could cause a malign threat later down the line. All updates must come from a
secure source.
