KUBERNETES IN CYBERSECURITY: ARCHITECTURE, VULNERABILITIES, AND DEFENSE-IN-DEPTH HARDENING FRAMEWORKS

Authors

  • Bozorov Suhrobjon, Department of Cryptology, TUIT named after Muhammad al-Khwarizmi (Author)

https://doi.org/10.5281/zenodo.20355485

Keywords: Kubernetes Security, Cloud-Native Cybersecurity, Container Escape, API Hardening, Multi-Tenancy Isolation, RBAC.

Abstract

As cloud-native computing establishes itself as the operational backbone of modern enterprises, Kubernetes (K8s) has emerged as the unchallenged industry standard for container orchestration. However, its complex architectural framework and extensive API interface expose an expanded attack surface, making it a critical focus in cybersecurity research. This paper presents a systematic review of Kubernetes in cybersecurity, focusing on vulnerabilities, real-world incident statistics, and defensive strategies published between 2020 and 2025. We explore structural components—including the control plane, worker nodes, and the API gateway—and evaluate how minor misconfigurations propagate into full cluster compromises via chained escape attacks. This study contrasts native Role-Based Access Control (RBAC) with emerging fine-grained mitigation frameworks like KubeFence, automated scheduling constraints, and policy-as-code engines. Finally, empirical security statistics from recent threat reports are analyzed to deliver a structured, defense-in-depth matrix essential for cloud security architects safeguarding multi-tenant containerized environments.

References

Cesarano, C., & Natella, R. (2025). KubeFence: Security Hardening of the Kubernetes Attack Surface. In Proceedings of the 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 12-24. https://doi.org/10.1109/DSN64029.2025.00054

Anonymous Authors. (2024). Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads. MDPI Systems and Infrastructure Security, 5(2), 30-45. https://www.mdpi.com/2624-800X/5/2/30

Polito Research Group. (2024). Automated Vulnerability Assessment and Remediation in Cloud-Native Environments. Politecnico di Torino Master Theses, 102-118.

IEEE Cloud Security Consortium. (2025). From Container to Cluster: Chained Escape Attacks in Kubernetes and Orchestration Platforms. IEEE Xplore Digital Library, 11223-11234. https://doi.org/10.1109/IEEEXplore.2025.11223725

Bergamo Security Labs. (2025). Secure Kubernetes Workload Deployment with Automated Enforcement of Cluster-Defined Policies. In Proceedings of the IEEE International Conference on Cloud Computing (CLOUDCOM), 45-58.

Red Hat Enterprise. (2024). The State of Kubernetes Security Report 2024. Red Hat Market Intelligence Reports, 1-28.

Chen, A., Jin, Z., Guo, Z., & Chen, Y. (2025). Breaking the Bulkhead: Demystifying Cross-Namespace Reference Vulnerabilities in Kubernetes Operators. arXiv preprint, arXiv:2507.03387. https://doi.org/10.48550/arxiv.2507.03387

Torino Informatics Association. (2026). Addressing concept drift in 5G CVE classification with LLMs. CEUR Workshop Proceedings, 4198, 16-29.

Published

2026-05-23

Issue

Section

Articles

How to Cite

Bozorov, S. (2026). KUBERNETES IN CYBERSECURITY: ARCHITECTURE, VULNERABILITIES, AND DEFENSE-IN-DEPTH HARDENING FRAMEWORKS. Ilm-Fan Va Innovatsiya, 4(45), 91-95. https://doi.org/10.5281/zenodo.20355485
Innovative Academy RSC