Cilium and VDM -- Towards Formal Analysis of Cilium Policies
Tomas Kulik, Jalil Boudjadar
TL;DR
This paper explores formal analysis of Cilium network policies in Kubernetes-based industrial control systems using VDM-SL, aiming to improve security and correctness in distributed, component-based architectures.
Contribution
It introduces a formalisation approach for Cilium policies with VDM-SL and demonstrates analysis scenarios to validate policy correctness in industrial systems.
Findings
Formalisation of Cilium policies using VDM-SL
Validation of policies against real-life system models
Identification of potential policy issues through analysis
Abstract
Industrial control systems are becoming more distributed and interconnected to allow for interaction with modern computing infrastructures. Furthermore, the amount of data generated by these systems is increasing due to integration of more sensors and the need to increase the reliability of the system based on predictive data models. One challenge in accommodating this data and interconnectivity increase is the change of the architecture of these systems from monolithic to component based, distributed systems. Questions such as how to deploy and operate such distributed system with many sub-components arise. One approach is the use of kubernetes to orchestrate the different components as containers. The critical nature of the industrial control systems however often requires strict component isolation and network segmentation to satisfy security requirements. Cilium is a popular network…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCatalytic Processes in Materials Science · Muon and positron interactions and applications