
Threat Modeling Framework

Threat modeling for Kubernetes involves a structured approach to identifying, categorizing, and mitigating potential security threats.

STRIDE

STRIDE is a commonly used threat modeling framework that can be effectively applied to Kubernetes:

  • Spoofing: Unauthorized access using stolen credentials or impersonating legitimate Kubernetes components
  • Tampering: Unauthorized modification of Kubernetes resources, configurations, or container images
  • Repudiation: Lack of audit trails for actions performed in the cluster
  • Information Disclosure: Unauthorized access to sensitive data in pods, secrets, or ConfigMaps
  • Denial of Service: Attacks that make Kubernetes services unavailable
  • Elevation of Privilege: Gaining higher levels of access than intended
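
The STRIDE categories above can be turned into a small review pass over a Pod manifest. This is an added example, not code from the original page: the sample manifest, the `stride_findings` name and the secret-name pattern are constructed for illustration, and the checks are a starting set rather than a complete policy.

```python
import re

# Constructed sample Pod manifest (a dict, so no YAML library is needed).
SAMPLE_POD = {
    "kind": "Pod",
    "metadata": {"name": "demo"},
    "spec": {
        "containers": [{
            "name": "app",
            "image": "registry.example.com/app:latest",
            "securityContext": {"privileged": True},
            "env": [{"name": "DB_PASSWORD", "value": "constructed-placeholder"}],
        }],
    },
}

# Heuristic for env names that usually hold credentials (an assumption of this example).
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_?KEY)", re.I)

def stride_findings(pod):
    """Return sorted (category, container, message) tuples for a Pod manifest dict."""
    spec = pod.get("spec", {})
    found = []
    # Spoofing: a mounted service account token is a credential that can be stolen and replayed.
    if spec.get("automountServiceAccountToken") is not False:
        found.append(("Spoofing", "-", "service account token mount not disabled"))
    for c in spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        # Tampering: a tag can be repointed at a different image; a digest cannot.
        if "@sha256:" not in c.get("image", ""):
            found.append(("Tampering", name, "image not pinned by digest"))
        # Information Disclosure: literal values are visible to anyone who can read the Pod object.
        for e in c.get("env", []):
            if "value" in e and SECRET_NAME.search(e.get("name", "")):
                found.append(("Information Disclosure", name, f"literal secret in env {e['name']}"))
        # Denial of Service: without limits one container can exhaust node resources.
        if not c.get("resources", {}).get("limits"):
            found.append(("Denial of Service", name, "no resource limits"))
        # Elevation of Privilege: privileged mode, or privilege escalation not explicitly denied.
        if sc.get("privileged") or sc.get("allowPrivilegeEscalation") is not False:
            found.append(("Elevation of Privilege", name, "privileged or escalation allowed"))
    # Repudiation is not visible in a Pod spec: audit logging is configured on the API server.
    return sorted(found)

if __name__ == "__main__":
    for category, container, message in stride_findings(SAMPLE_POD):
        print(f"{category:24} {container:6} {message}")
```
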

MITRE ATT&CK Framework

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It’s a comprehensive framework that systematically documents cyber adversary behavior.

Tactical Categories

  • Initial Access: Methods attackers use to first enter a network or system, such as phishing emails, exploiting vulnerabilities in public-facing applications, or using stolen credentials.
  • Execution: Techniques for running malicious code on a compromised system, including command-line interfaces, scripts, or scheduled tasks to execute the attacker’s code.
  • Persistence: Methods to maintain access to systems despite reboots or credential changes, including backdoors, registry modifications, or startup scripts that ensure attackers can return.
  • Privilege Escalation: Techniques to gain higher-level permissions, such as exploiting vulnerabilities or manipulating access tokens to obtain administrative rights needed for further attack activities.
  • Defense Evasion: Methods to avoid detection, including disabling security tools, clearing logs, encrypting malicious payloads, or disguising malicious activity as legitimate processes.