AppArmor, SELinux and eBPF
Accuknox provides runtime protection for your Kubernetes and other cloud workloads using kernel-native primitives such as:
eBPF for networking (L3, L4 and L7 security) and observability
Linux Security Modules (LSM) - Accuknox uses AppArmor and SELinux, both of which are active Linux Security Modules, for application hardening and security at runtime.
Both eBPF and Linux Security Modules (LSMs) are well-known approaches to hardening and protecting workloads running on Linux.
KubeArmor is an open source application hardening and runtime security solution for Cloud Native workloads. https://github.com/accuknox/KubeArmor
KubeArmor uses Linux Security Modules (LSMs: AppArmor or SELinux) to enforce application security, together with syscall filtering and, soon, eBPF LSMs, to harden a given process or container as it interacts with the host, resources or other processes locally or across the network.
Additionally, KubeArmor produces alert logs for policy violations that happen in containers by monitoring the operations of containers’ processes using its eBPF-based system monitor.
KubeArmor allows operators to define security policies based on Kubernetes metadata and simply apply them to Kubernetes.
Additionally, KubeArmor currently supports virtual machine and bare-metal workloads.
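A policy of the kind described above, selecting workloads by Kubernetes labels and enforced through the node's LSM, might look like the following. This is an added example, not taken from the Accuknox or KubeArmor documentation; the policy name, namespace and label are hypothetical.

```yaml
# Added example: the name, namespace and label below are hypothetical.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: harden-web-frontend
  namespace: demo
spec:
  severity: 5
  message: "operation denied by harden-web-frontend"
  # Kubernetes metadata decides which pods the policy applies to.
  selector:
    matchLabels:
      app: web-frontend
  # Deny execution of package managers inside the selected containers.
  process:
    matchPaths:
      - path: /usr/bin/apt
      - path: /usr/bin/apt-get
  # Deny access to the mounted service account token.
  file:
    matchDirectories:
      - dir: /run/secrets/kubernetes.io/serviceaccount/
        recursive: true
  # Block enforces the rules; Audit would only produce alert logs.
  action: Block
```

The policy is applied like any other Kubernetes resource, for example with kubectl apply -f, and violations show up in KubeArmor's alert logs.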
Cilium is an open source project that provides networking, security, and observability for cloud native environments such as Kubernetes clusters and other container orchestration platforms. Cilium uses eBPF, a Linux kernel technology that allows programs (called eBPF programs) to be dynamically inserted into the Linux kernel and executed there safely. Cilium operates as a CNI (Container Networking Interface) plugin running on each node of the cluster.
Auto Policy Discovery
Auto policy discovery is a fully open source component that automatically discovers the security profile of your application by observing it in a given environment.