Attribute Based Management of Secure Kubernetes Cloud Bursting

2024 IEEE Transaction on All Domains. For more details, contact K. Manjunath - 09535866270, http://www.tmksinfotech.com and http://www.bemtechprojects.com. 2024 and 2025 IEEE Projects @ TMKS Infotech, Bangalore

Uploaded by

Manju Nath
Copyright © All Rights Reserved

Attribute Based Management of Secure Kubernetes Cloud Bursting

ABSTRACT

In modern cloud computing, the need for flexible and scalable orchestration of
services, combined with robust security measures, is paramount. In this paper, we
propose an innovative approach for managing secure cloud bursting in Kubernetes,
combining Attribute-Based Encryption (ABE) with Kubernetes labeling. Our model
addresses the challenges of complexity, cost, and data protection compliance by
leveraging both Kubernetes and ABE. We introduce an attribute-based bursting
component that uses Kubernetes labels for orchestration, and an encryption
component that employs ABE for data protection. This unified management model
ensures data confidentiality while enabling efficient cloud bursting. Our approach
combines the strengths of label-based orchestration with fine-grained encryption,
providing a technologically advanced yet user-friendly solution for secure cloud
bursting. We present a proof-of-concept implementation that demonstrates the
feasibility and effectiveness of our model. Our approach offers a unified solution that
complies with security and privacy laws while meeting the needs of contemporary
cloud-based systems.

EXISTING SYSTEM

In [47], the authors propose a ciphertext-policy ABE (CP-ABE) scheme with
efficient user revocation for cloud storage systems. User revocation is handled by
introducing the concept of user group, with the rule of updating private keys of the
users remaining in the group when any other user leaves it. In addition, since the
computation cost of CP-ABE grows linearly with the complexity of the access
structure, in order to mitigate it they propose to offload high computation demand to
cloud service providers without leaking file content and secret keys. They prove that
the proposed scheme can withstand collusion attacks performed by the revoked users
cooperating with the remaining ones. A similar approach, which requires the update
of the unrevoked users’ keys, is proposed in [66]. It is based on the use of a group
manager to accomplish this task. It also applies re-encryption technology to prevent
the revoked users from decrypting ciphertexts.

The recent proposal by Chen et al., RABE-DI [33], is an ABE scheme capable of
addressing a different problem, namely protecting data integrity after user revocation,
ensuring better efficiency compared to state-of-the-art proposals.

The proposal in [44] is based on a different approach. It consists of an efficient and
provably secure cloud data sharing scheme (ABEDS-RR) using CP-ABE. The
scheme makes use of a semi-trusted proxy party to transform part of the ciphertext
with a conversion key. Compared with most existing schemes, when the attributes of
a user are changed, only the private key and conversion key of that user need to be
modified, leaving the other users’ keys and all ciphertext unchanged.

Bera et al. [22] propose an approach named Attribute-Based verifiable Data Storage
and data Retrieval Scheme (ABDSRS) for cloud environments. It employs an
attribute based online-offline mechanism, in which only authorized data owners can
anonymously upload data to the cloud. In addition, a data user can perform searching
operations over encrypted data by using keyword policy.

Ahuja and Mohanty [15] propose an extension of CP-ABE in order to provide shared
access privileges among users and delegation of access privileges in a flexible
manner, without sacrificing scalability and fine-grained access control. The proposed
solution merges CP-ABE with a hierarchical structure [64] to achieve scalability by
decentralizing the key issuing authority at different levels of hierarchy. In more
detail, lower level users get secret keys from the users that have a higher position in
the hierarchy. The scheme is resistant to cheating and collusion attacks.

Repetto et al. [55] proposed a methodological approach for designing and
implementing heterogeneous security services for distributed systems. The
framework utilizes a hybrid architecture based on Attribute-Based Access Control
(ABAC), ABE, and blockchain technology to provide secure and efficient access
control in decentralized and distributed environments. ABE cryptographic primitives
are specifically used to extend the ABAC functions. They implement an online
authorization procedure, support time-limited authorization, protect against collusion
attacks, and protect user privacy. Such features had previously been investigated by
Sciancalepore et al. in the paper [59].

Lu et al. [49] propose a policy-driven approach to secure data sharing using an
integration of ABAC and ABE. Private data is shared in ciphertext form between
edge nodes to mitigate potential security problems such as privacy leakage. All the
papers [49], [55], [59] propose integrating ABE and ABAC to improve security of
existing solutions. However, none of them fits into the context of resource and
service orchestration.

Finally, Chiquito et al. in [34] survey attribute-based approaches for access control to
data, focusing on policy management and enforcement. The paper aims at identifying
the key properties provided by ABAC and ABE that can be used to control data
access to prevent leakage to unauthorized users while providing easy-to-manage
policies. To achieve this goal, they identify knowledge gaps.

Disadvantages

➢ The existing system did not explore ciphertext-policy attribute-based
encryption (CP-ABE).
➢ The existing system did not implement key-policy ABE (KP-ABE), in which data are
encrypted over a set of attributes and user keys allow accessing a tree which
can distinguish attributes.

Proposed System

In this paper we make use of Kubernetes, since today it is one of the most appreciated
tools for managing distributed systems, especially in the context of cloud computing.
It provides flexibility through different built-in components and tools. Among them,
the usage of labels and label selectors can be exploited to simplify cloud bursting
operations. While Kubernetes best practices recommend that labels be assigned
semantic meanings before being used [9], there is currently no standardized method
for enforcing this practice. Our goal is to develop a systematic approach in the
context of cloud bursting that ensures semantic meaning associated with the generic
Kubernetes label concept. Furthermore, it emerged that Kubernetes management
does not suitably address all the security aspects related to data confidentiality and
access controls, which are central in cloud bursting [6]. Kubernetes incorporates
access management, but it requires separate configuration processes that are
decoupled from the logic of the orchestrated functions. Moreover, the existing access
management mechanisms in Kubernetes have certain limitations in terms of
managing complex authorization scenarios and are constrained by their policy scope.
Hence, these limitations are challenging for achieving comprehensive and secure
resource management in the context of cloud bursting. To overcome these
limitations, in this paper we propose an architectural solution to address the security
challenges of cloud bursting that integrates the Kubernetes orchestration with
attribute-based encryption.

Advantages

1) Association of semantic meaning with key labels, giving them the role of
attributes. This approach adds context to the cloud bursting configuration and
improves label comprehension.
2) Leveraging the Attribute-Based Encryption (ABE) technology, deployed through a
cloud service, to improve security levels, in terms of data privacy, confidentiality,
and access control, through fine-grained policies. This ABE component works
seamlessly within the Kubernetes environment, aligning with attribute logic and
improving overall system security.
3) Simplification and speed-up of configuration based on a unified management layer
that handles holistically all attributes, including the ones directly used by Kubernetes
and by the ABE module. This unification ensures transparency and ease of use for
administrators, eliminating the need for separate configurations and additional
harmonization functions, as well as a streamlined experience.
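
As an added example (not code from the paper or its proof of concept), the sketch below shows how one attribute set can serve both roles described above: it validates labels against a schema, evaluates a CP-ABE-style access tree against a node's attributes, and expands that tree into the OR-of-AND form used by Kubernetes node affinity. The `burst.example/` label keys, the tuple policy format and the node inventory are assumptions; no encryption is performed, and `satisfies` only mirrors the check that CP-ABE decryption enforces cryptographically.

```python
PREFIX = "burst.example/"  # constructed label namespace (assumption, not from the paper)
SCHEMA = {  # attribute key -> allowed values (the semantic meaning of each label)
    PREFIX + "location": {"on-prem", "public-cloud"},
    PREFIX + "region": {"eu", "us"},
    PREFIX + "clearance": {"public", "confidential"},
}

def node(location, region, clearance):
    return {PREFIX + "location": location, PREFIX + "region": region,
            PREFIX + "clearance": clearance, "kubernetes.io/os": "linux"}

def validate_labels(labels):
    """Return schema violations among the managed (prefixed) labels."""
    errors = []
    for key, value in labels.items():
        if key.startswith(PREFIX) and value not in SCHEMA.get(key, ()):
            errors.append(f"{key}={value} is not an allowed attribute")
    return errors

def satisfies(policy, attrs):
    """Evaluate an access tree: ("and"|"or", child, ...) or a (key, value) leaf."""
    if policy[0] == "and":
        return all(satisfies(p, attrs) for p in policy[1:])
    if policy[0] == "or":
        return any(satisfies(p, attrs) for p in policy[1:])
    return attrs.get(policy[0]) == policy[1]

def to_selector_terms(policy):
    """Expand the tree into OR-of-AND label maps (nodeSelectorTerms are ORed)."""
    if policy[0] == "or":
        return [t for p in policy[1:] for t in to_selector_terms(p)]
    if policy[0] == "and":
        terms = [{}]
        for p in policy[1:]:  # cross product; drop terms needing two values of one label
            terms = [{**a, **b} for a in terms for b in to_selector_terms(p)
                     if all(a.get(k, v) == v for k, v in b.items())]
        return terms
    return [{policy[0]: policy[1]}]

def eligible_nodes(policy, nodes):
    """Nodes whose managed labels pass the schema and satisfy the policy."""
    return sorted(n for n, lab in nodes.items()
                  if not validate_labels(lab) and satisfies(policy, lab))

POLICY = ("and", (PREFIX + "clearance", "confidential"),  # constructed policy
          ("or", (PREFIX + "region", "eu"), (PREFIX + "location", "on-prem")))
NODES = {"onprem-1": node("on-prem", "us", "confidential"),  # constructed inventory
         "cloud-eu-1": node("public-cloud", "eu", "confidential"),
         "cloud-us-1": node("public-cloud", "us", "confidential"),
         "onprem-2": node("on-prem", "EU", "confidential")}  # "EU": mistyped value
```

Node `onprem-2` satisfies the policy through its location but is still excluded, because an attribute value outside the schema fails validation before any scheduling or key decision is made.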

SYSTEM REQUIREMENTS

H/W System Configuration:

➢ Processor - Pentium IV
➢ RAM - 4 GB (min)
➢ Hard Disk - 20 GB
➢ Key Board - Standard Windows Keyboard
➢ Mouse - Two or Three Button Mouse
➢ Monitor - SVGA

Software Requirements:

➢ Operating System - Windows XP
➢ Coding Language - Java/J2EE (JSP, Servlet)
➢ Front End - J2EE
➢ Back End - MySQL
