A secure cross‐organizational container deployment approach to enable ad hoc collaborations. Issue 4 (30th December 2021)
- Record Type:
- Journal Article
- Title:
- A secure cross‐organizational container deployment approach to enable ad hoc collaborations. Issue 4 (30th December 2021)
- Main Title:
- A secure cross‐organizational container deployment approach to enable ad hoc collaborations
- Authors:
- Van Hoye, Laurens
Wauters, Tim
De Turck, Filip
Volckaert, Bruno - Abstract:
- Summary: When organizations need to collaborate urgently, for example, in the case of an emergency situation, it is needed to deploy software components into the different domains in order to allow crucial data to be exchanged. The ad hoc aspect is important as it does not allow the participating organizations to negotiate entire workflows and/or contracts upfront. To enable these ad hoc cross‐organizational collaborations, a container orchestration platform, like Kubernetes, can be used to quickly deploy pods of containers in a cross‐organizational overlay network, even fully automated. Although this is technically feasible, there may be a trust issue from the perspective of a participating organization when an external organization is capable of deploying any software inside its network domain. This concern is examined and resolved in this article, by proposing an extension to the existing deployment scheme used in vanilla Kubernetes. It allows the participating organizations to assess whether a suggested deployment conforms to the goal of the project and to maintain an overview of all activities related to a single collaboration. This intermediate step prevents an honest organization against potentially malicious behaviour of external entities, either the orchestrator and/or the other organizations, solving the aforementioned trust issue. Evaluation of the implemented prototype shows that a secure collaboration, which requires at most tens of containers, can be attainedSummary: When organizations need to collaborate urgently, for example, in the case of an emergency situation, it is needed to deploy software components into the different domains in order to allow crucial data to be exchanged. The ad hoc aspect is important as it does not allow the participating organizations to negotiate entire workflows and/or contracts upfront. To enable these ad hoc cross‐organizational collaborations, a container orchestration platform, like Kubernetes, can be used to quickly deploy pods of containers in a cross‐organizational overlay network, even fully automated. Although this is technically feasible, there may be a trust issue from the perspective of a participating organization when an external organization is capable of deploying any software inside its network domain. This concern is examined and resolved in this article, by proposing an extension to the existing deployment scheme used in vanilla Kubernetes. It allows the participating organizations to assess whether a suggested deployment conforms to the goal of the project and to maintain an overview of all activities related to a single collaboration. This intermediate step prevents an honest organization against potentially malicious behaviour of external entities, either the orchestrator and/or the other organizations, solving the aforementioned trust issue. Evaluation of the implemented prototype shows that a secure collaboration, which requires at most tens of containers, can be attained with sub‐second deployment overheads per container, apart from the required manual interventions for trust management purposes. Abstract : Ad hoc cross‐organizational container deployment requires trust from all participating organizations, as a central orchestrator has the power to deploy any software in the connected network domains. This article presents a transparent extension for Kubernetes allowing each of the hosting organizations to verify deployments suggested by potentially malicious external entities. … (more)
- Is Part Of:
- International journal of network management. Volume 32:Issue 4(2022)
- Journal:
- International journal of network management
- Issue:
- Volume 32:Issue 4(2022)
- Issue Display:
- Volume 32, Issue 4 (2022)
- Year:
- 2022
- Volume:
- 32
- Issue:
- 4
- Issue Sort Value:
- 2022-0032-0004-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2021-12-30
- Subjects:
- authentication -- authorization -- cross‐organizational -- Kubernetes -- UMA
Computer networks -- Management -- Periodicals
004.6 - Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1099-1190 ↗
http://onlinelibrary.wiley.com/ ↗ - DOI:
- 10.1002/nem.2194 ↗
- Languages:
- English
- ISSNs:
- 1055-7148
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4542.373300
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 22369.xml