The disaggregation of monolithic applications in containerized microservices inevitably weaken their security posture. In this context, leveraging the cloning feature of containerized environments, we propose Decepto, a software platform that integrates a high-interaction cyber deception mechanism within cloud-native applications using Kubernetes (K8s). In particular, our deception solution automatically generates decoys as clones of production microservices and deploys them to look like legitimate microservices. Attackers that unknowingly interact with such deceptive artifacts are reliably detected and monitored. In this work, we first present Decepto technical implementation, then we demonstrate its functionalities and related computational performance overhead emulating a practical attack scenario on a real K8s cluster.
Demo: Cloud-native Cyber Deception with Decepto
Santoro, Daniele;Zambianco, Marco;Facchinetti, Claudio;Siracusa, Domenico
2024-01-01
Abstract
The disaggregation of monolithic applications in containerized microservices inevitably weaken their security posture. In this context, leveraging the cloning feature of containerized environments, we propose Decepto, a software platform that integrates a high-interaction cyber deception mechanism within cloud-native applications using Kubernetes (K8s). In particular, our deception solution automatically generates decoys as clones of production microservices and deploys them to look like legitimate microservices. Attackers that unknowingly interact with such deceptive artifacts are reliably detected and monitored. In this work, we first present Decepto technical implementation, then we demonstrate its functionalities and related computational performance overhead emulating a practical attack scenario on a real K8s cluster.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
