Privilege Escalation Attack Scenarios on the DevOps Pipeline Within a Kubernetes Environment
Is Version Of
Electrical and Computer Engineering
Companies are misled into thinking they solve their security issues by using tooling that is advertised as aligning with DevSecOps principles. This paper aims to answer the question: Could the misuse of the DevOps pipeline subject applications to malicious behavior? To answer the question, we designed a typical DevOps pipeline utilizing ubernetes (K8s) as a case study environment and analyzed the applicable threats. Then, we developed four attack scenarios against the case study environment: maliciously abusing the user’s privilege of deploying containers within the K8s cluster, abusing the Jenkins instance to modify files during the continuous integration, delivery, and eployment systems (CI/CD) build phase, modifying the K8s DNS layer to expose an internal IP to external traffic, and elevating privileges from an account with create, read, update, and delete (CRUD) privileges to root privileges. The attacks answer the research questionpositively: companies should design and use a secure DevOps pipeline and not expect that utilizing software "advertised as aligning" with DevSecOps principles alone is sufficient to deliver secure software.
This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Pecka, Nicholas, Lotfi ben Othmane, and Altaz Valani, "Privilege Escalation Attack Scenarios on the DevOps Pipeline Within a Kubernetes Environment." Proceedings of the International Conference on Software and Systems Processes (ICSSP), May 19-20, 2022. Virtual. Copyright 2022 ACM. Posted with permission.