
Tencrypt: Hardening OpenShift by Encrypting Tenant Traffic (concept proposal, feedback welcome!)

Dear OpenShift devs,

Maybe some of you are interested in my recently finished work on an
evaluation and implementation of a traffic encryption technique in
OpenShift (which might work in Kubernetes, too).

tl;dr: Tencrypt implements a transparent encryption proxy for network
traffic originating from Pods towards Pods of the same OpenShift
Project, without the need for any changes in deployment images (hence

Feedback very welcome! I would be very happy about input, as my next
(current) student thesis will extend Tencrypt.

Published blog article: https://dpataky.eu/l/tencrypt-blog
PDF report: https://dpataky.eu/l/tencrypt-report

# # # # # # #

The aim of this work is the research of possibilities which allow
automatic and transparent encryption of internal network traffic between
applications of Tenants in a multi-tenant OpenShift infrastructure.
The key feature is the earliest-possible encryption of network packets after
packet creation, with a low impact on performance. The usage of
dedicated network namespaces in container environments is taken into
account. This work discusses different design alternatives. After a
well-grounded choice of one design, this approach is evaluated with
regard to performance using a prototype implementation.

# # # # # # #

What do you think about the concept?
Should the work proceed in this direction?
Any gross errors which were overlooked in the design?

Thank you all in advance!

Dominik Pataky
Student of Computer Science at the TU Dresden, Germany
