Skip to content

Intent driven security automation framework

License

Notifications You must be signed in to change notification settings

seungsoo-lee/nimbus_accuknox

This branch is 1 commit ahead of, 42 commits behind 5GSEC/nimbus:main.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

c3a841b · Jun 17, 2024
Jun 4, 2024
Jun 12, 2024
Jun 4, 2024
Jun 12, 2024
Jun 12, 2024
Jun 4, 2024
Jun 17, 2024
Jan 4, 2024
Jun 12, 2024
Jun 17, 2024
Feb 2, 2024
Jun 14, 2024
Jan 4, 2024
Jan 23, 2024
Dec 3, 2023
Mar 21, 2024
Nov 22, 2023
May 24, 2024
Jan 11, 2024
Jan 23, 2024
Jun 4, 2024
Jun 4, 2024

Repository files navigation

Nimbus: Intent Driven Security Operator

The aim for any organization should be to state its security goal/intents and the underlying tooling/operator should be able to convert these goals/intents into actionable elements such as policies/rules.

Nimbus aims to decouple security intents from its actual implementation i.e., use of policy engines and corresponding policies and rules. This pattern exists commonly in Kubernetes world and the best example is a storage operator, wherein the user specifies the persistent volume claims with appropriate SLA (disk space, R/W, speed) and the operator figures out the appropriate volume to bind. Nimbus intends to bring in similar abstraction for security intents wherein the user specifies the security intent and the operator figures out the best implementation method available given the deployment.

  • An Intent might get translated into a set of policies and not necessarily a single policy thus providing multi-layer defense. For example, an intent such as "Do not allow privilege escalation" could get translated in to admission controller policy and system policy as handled by runtime security engines such as KubeArmor.
  • An intent could take into consideration runtime behavior and then handle intent implementation. For e.g., an intent could be "Do not allow privilege flags for pods that are publicly reachable".
  • An intent might get fully or partially satisfied and the bindings clearly shows that status.
  • An organization can provide a blueprint of intents given a deployment and the operator could go an try to satisfy those intents in best-effort or strict mode.

Credits

This project is funded by NSF grant ...

About

Intent driven security automation framework

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 86.5%
  • Makefile 6.2%
  • Smarty 4.0%
  • Dockerfile 3.1%
  • Shell 0.2%