Attribute Based Management of Secure Kubernetes Cloud Bursting

Harsha Vardhan; Yousuf Khan; Venkata Nikhil; Jyoshna Priya; P Siva Lakshmi

doi:10.5281/zenodo.15263369

Authors

Harsha Vardhan Annamacharya Institute of Technology and Sciences
Yousuf Khan Annamacharya Institute of Technology and Sciences
Venkata Nikhil Annamacharya Institute of Technology and Sciences
Jyoshna Priya Annamacharya Institute of Technology and Sciences
P Siva Lakshmi Annamacharya Institute of Technology and Sciences

DOI:

https://doi.org/10.5281/zenodo.15263369

Keywords:

Cloud bursting, orchestration, attribute-based encryption, Kubernetes

Abstract

In contemporary cloud computing, ensuring flexible and scalable service orchestration alongside strong security measures is crucial. This paper presents a novel strategy for securely managing cloud bursting in Kubernetes by integrating Attribute-Based Encryption (ABE) with Kubernetes labelling. Our proposed model tackles challenges related to complexity, cost, and compliance with data protection regulations by leveraging both Kubernetes and ABE. The approach introduces an attribute-based bursting mechanism that utilizes Kubernetes labels for orchestration, alongside an encryption component that employs ABE to safeguard data. This integrated management framework enhances data confidentiality while optimizing cloud bursting efficiency. By merging label-based orchestration with fine-grained encryption, our model delivers a secure yet user- Venkata Nikhilsolution. A proof-of-concept implementation validates the practicality and effectiveness of our approach, demonstrating its capability to align with security and privacy regulations while addressing the demands of modern cloud environments.

References

Amazon Web Services, Inc. (n.d.). Amazon Elastic Kubernetes Service (Amazon EKS). Retrieved June 8, 2023, from https://aws.amazon.com/eks/?nc1=h_ls

Google. (n.d.). Google Kubernetes Engine. Retrieved June 8, 2023, from https://cloud.google.com/kubernetes-engine

International Business Machines Corporation. (n.d.). IBM Kubernetes Service. Retrieved June 8, 2023, from https://www.ibm.com/cloud/kubernetes-service

Docs.rs. (n.d.). Module aw11 rabe. Retrieved January 5, 2024, from https://docs.rs/rabe/latest/rabe/schemes/aw11/index.html

Oracle Computing Software Company. (n.d.). Oracle Cloud Native Services—Container Engine for Kubernetes. Retrieved June 8, 2023, from https://www.oracle.com/cloud/cloud-native/container-engine-kubernetes/

Kubernetes.io. (2019, March). Security best practices for Kubernetes deployment. Retrieved from https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/

Google. (2023, December). Anthos. Retrieved from https://cloud.google.com/anthos

Palo Alto Networks, Inc. (2023, December). Cloud Native Application Protection Platform. Retrieved from https://www.paloaltonetworks.com/prisma/cloud/cloud-native-application-protection-platform

Kubernetes.io. (2023, July). Configuration best practices: Using labels. Retrieved from https://kubernetes.io/docs/concepts/configuration/overview/#using-labels

CloudBees Software Company. (2023, December). Configuring CloudBees Build Acceleration for Agent Cloud Bursting. Retrieved from https://docs.cloudbees.com/docs/cloudbees-build-acceleration/latest/configuration-guide/config-accelerator-agents-for-cloud-burst

Periasamy, K., Periasamy, S., Velayutham, S., Zhang, Z., Ahmed, S. T., & Jayapalan, A. (2022). A proactive model to predict osteoporosis: An artificial immune system approach. Expert Systems, 39(4), e12708.

Ahmed, S. T., Basha, S. M., Ramachandran, M., Daneshmand, M., & Gandomi, A. H. (2023). An edge-AI-enabled autonomous connected ambulance-route resource recommendation protocol (ACA-R3) for eHealth in smart cities. IEEE Internet of Things Journal, 10(13), 11497-11506.

Kumar, S. S., Ahmed, S. T., Sandeep, S., Madheswaran, M., & Basha, S. M. (2022). Unstructured Oncological Image Cluster Identification Using Improved Unsupervised Clustering Techniques. Computers, Materials & Continua, 72(1).

Pasha, A., Ahmed, S. T., Painam, R. K., Mathivanan, S. K., Mallik, S., & Qin, H. (2024). Leveraging ANFIS with Adam and PSO optimizers for Parkinson's disease. Heliyon, 10(9).

Sreedhar, K. S., Ahmed, S. T., & Sreejesh, G. (2022, June). An Improved Technique to Identify Fake News on Social Media Network using Supervised Machine Learning Concepts. In 2022 IEEE World Conference on Applied Intelligence and Computing (AIC) (pp. 652-658). IEEE.

Ahmed, S. T., Fathima, A. S., Nishabai, M., & Sophia, S. (2024). Medical ChatBot assistance for primary clinical guidance using machine learning techniques. Procedia Computer Science, 233, 279-287.

GitHub. (2023, December). Kubernetes autoscaler. Retrieved from https://github.com/kubernetes/autoscaler

Pecoraro, F., Clemente, F., & Luzi, D. (2020). The efficiency in the ordinary hospital bed management in Italy: An in-depth analysis of intensive care unit in the areas affected by COVID-19 before the outbreak. PLOS ONE, 15(9), e0239249.

Hassan, M., Tuckman, H. P., Patrick, R. H., Kountz, D. S., & Kohn, J. L. (2010). Hospital length of stay and probability of acquiring infection. International Journal of Pharmaceutical and Healthcare Marketing, 4(4), 324–338.

Microsoft Corporation. (2018, August 31). Securing Kubernetes workloads in hybrid settings with Aporeto. Retrieved from https://cloudblogs.microsoft.com/opensource/2018/08/31/securing-kubernetes-workloads-hybrid-cloud-aporeto/

Virtual Kubelet. (2023, December). Virtual kubelet. Retrieved from https://virtualkubelet.io/

Ahuja, R., & Mohanty, S. K. (2020). A scalable attribute-based access control scheme with flexible delegation cum sharing of access privileges for cloud storage. IEEE Transactions on Cloud Computing, 8(1), 32–44.

Ameer, S., Benson, J., & Sandhu, R. (2022). An attribute-based approach toward a secured smart-home IoT access control and a comparison with a role-based approach. Information, 13(2), 60.

Balouek-Thomert, D., Renart, E. G., Zamani, A. R., Simonet, A., & Parashar, M. (2019). Towards a computing continuum: Enabling edge-to-cloud integration for data-driven workflows. International Journal of High Performance Computing Applications, 33(6), 1159–1174.

Baresi, L., Mendonça, D. F., Garriga, M., Guinea, S., & Quattrocchi, G. (2019). A unified model for the mobile-edge-cloud continuum. ACM Transactions on Internet Technology, 19(2), 1–21.

Bellare, M., Waters, B., & Yilek, S. (2010). Identity-based encryption secure against selective opening attack. Cryptology ePrint Archive, Report 2010/159. https://eprint.iacr.org/2010/159

Benedetti, P., Femminella, M., Reali, G., & Steenhaut, K. (2022). Reinforcement learning applicability for resource-based auto scaling in serverless edge applications. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops) (pp. 674–679).

Benitez, S. (2024, January 5). Meet Rocket. Retrieved from https://rocket.rs/

Bera, S., Prasad, S., Sreenivasa Rao, Y., Das, A. K., & Park, Y. (2023). Designing attribute-based verifiable data storage and retrieval scheme in cloud computing environment. Journal of Information Security and Applications, 75, 103482.

Bethencourt, J., Sahai, A., & Waters, B. (2007). Ciphertext-policy attribute-based encryption. In Proceedings of the IEEE Symposium on Security and Privacy (SP'07) (pp. 321–334).

Böhm, S., & Wirtz, G. (2022). Cloud-edge orchestration for smart cities: A review of Kubernetes-based orchestration architectures. EAI Endorsed Transactions on Smart Cities, 6(18), e2.

Boneh, D. (2007). Bilinear groups of composite order. In Proceedings of the 1st International Conference on Pairing-Based Cryptography (p. 1).

Boneh, D., Goh, E., & Nissim, K. (2005). Evaluating 2-DNF formulas on ciphertexts. In Proceedings of the Theory of Cryptography Conference (pp. 325–341).

Burns, B., Grant, B., Oppenheimer, D., Brewer, E., & Wilkes, J. (2016). Borg, Omega, and Kubernetes. Communications of the ACM, 59(5), 50–57.