
A secure cross-organizational container deployment approach to enable ad hoc collaborations
- Author
- Laurens Van Hoye, Tim Wauters (UGent) , Filip De Turck (UGent) and Bruno Volckaert (UGent)
- Organization
- Abstract
- When organizations need to collaborate urgently, for example, in the case of an emergency situation, it is needed to deploy software components into the different domains in order to allow crucial data to be exchanged. The ad hoc aspect is important as it does not allow the participating organizations to negotiate entire workflows and/or contracts upfront. To enable these ad hoc cross-organizational collaborations, a container orchestration platform, like Kubernetes, can be used to quickly deploy pods of containers in a cross-organizational overlay network, even fully automated. Although this is technically feasible, there may be a trust issue from the perspective of a participating organization when an external organization is capable of deploying any software inside its network domain. This concern is examined and resolved in this article, by proposing an extension to the existing deployment scheme used in vanilla Kubernetes. It allows the participating organizations to assess whether a suggested deployment conforms to the goal of the project and to maintain an overview of all activities related to a single collaboration. This intermediate step prevents an honest organization against potentially malicious behaviour of external entities, either the orchestrator and/or the other organizations, solving the aforementioned trust issue. Evaluation of the implemented prototype shows that a secure collaboration, which requires at most tens of containers, can be attained with sub-second deployment overheads per container, apart from the required manual interventions for trust management purposes.
- Keywords
- authentication, authorization, cross-organizational, Kubernetes, UMA
Downloads
-
(...).pdf
- full text (Published version)
- |
- UGent only
- |
- |
- 5.42 MB
-
AAM.pdf
- full text (Accepted manuscript)
- |
- open access
- |
- |
- 2.66 MB
Citation
Please use this url to cite or link to this publication: http://hdl.handle.net/1854/LU-8733972
- MLA
- Van Hoye, Laurens, et al. “A Secure Cross-Organizational Container Deployment Approach to Enable Ad Hoc Collaborations.” INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, vol. 32, no. 4, 2022, doi:10.1002/nem.2194.
- APA
- Van Hoye, L., Wauters, T., De Turck, F., & Volckaert, B. (2022). A secure cross-organizational container deployment approach to enable ad hoc collaborations. INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, 32(4). https://doi.org/10.1002/nem.2194
- Chicago author-date
- Van Hoye, Laurens, Tim Wauters, Filip De Turck, and Bruno Volckaert. 2022. “A Secure Cross-Organizational Container Deployment Approach to Enable Ad Hoc Collaborations.” INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT 32 (4). https://doi.org/10.1002/nem.2194.
- Chicago author-date (all authors)
- Van Hoye, Laurens, Tim Wauters, Filip De Turck, and Bruno Volckaert. 2022. “A Secure Cross-Organizational Container Deployment Approach to Enable Ad Hoc Collaborations.” INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT 32 (4). doi:10.1002/nem.2194.
- Vancouver
- 1.Van Hoye L, Wauters T, De Turck F, Volckaert B. A secure cross-organizational container deployment approach to enable ad hoc collaborations. INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT. 2022;32(4).
- IEEE
- [1]L. Van Hoye, T. Wauters, F. De Turck, and B. Volckaert, “A secure cross-organizational container deployment approach to enable ad hoc collaborations,” INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, vol. 32, no. 4, 2022.
@article{8733972, abstract = {{When organizations need to collaborate urgently, for example, in the case of an emergency situation, it is needed to deploy software components into the different domains in order to allow crucial data to be exchanged. The ad hoc aspect is important as it does not allow the participating organizations to negotiate entire workflows and/or contracts upfront. To enable these ad hoc cross-organizational collaborations, a container orchestration platform, like Kubernetes, can be used to quickly deploy pods of containers in a cross-organizational overlay network, even fully automated. Although this is technically feasible, there may be a trust issue from the perspective of a participating organization when an external organization is capable of deploying any software inside its network domain. This concern is examined and resolved in this article, by proposing an extension to the existing deployment scheme used in vanilla Kubernetes. It allows the participating organizations to assess whether a suggested deployment conforms to the goal of the project and to maintain an overview of all activities related to a single collaboration. This intermediate step prevents an honest organization against potentially malicious behaviour of external entities, either the orchestrator and/or the other organizations, solving the aforementioned trust issue. Evaluation of the implemented prototype shows that a secure collaboration, which requires at most tens of containers, can be attained with sub-second deployment overheads per container, apart from the required manual interventions for trust management purposes.}}, articleno = {{e2194}}, author = {{Van Hoye, Laurens and Wauters, Tim and De Turck, Filip and Volckaert, Bruno}}, issn = {{1055-7148}}, journal = {{INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT}}, keywords = {{authentication,authorization,cross-organizational,Kubernetes,UMA}}, language = {{eng}}, number = {{4}}, pages = {{20}}, title = {{A secure cross-organizational container deployment approach to enable ad hoc collaborations}}, url = {{http://doi.org/10.1002/nem.2194}}, volume = {{32}}, year = {{2022}}, }
- Altmetric
- View in Altmetric
- Web of Science
- Times cited: