{"id":"https://openalex.org/W7124973176","doi":"https://doi.org/10.1109/cloudcom67567.2025.11331483","title":"Secure Kubernetes Workload Deployment with Automated Enforcement of Cluster-Defined Policies","display_name":"Secure Kubernetes Workload Deployment with Automated Enforcement of Cluster-Defined Policies","publication_year":2025,"publication_date":"2025-11-14","ids":{"openalex":"https://openalex.org/W7124973176","doi":"https://doi.org/10.1109/cloudcom67567.2025.11331483"},"language":"en","primary_location":{"id":"doi:10.1109/cloudcom67567.2025.11331483","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cloudcom67567.2025.11331483","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5062999439","display_name":"Matthew Rossi","orcid":"https://orcid.org/0000-0001-6459-0810"},"institutions":[{"id":"https://openalex.org/I11039511","display_name":"University of Bergamo","ror":"https://ror.org/02mbd5571","country_code":"IT","type":"education","lineage":["https://openalex.org/I11039511"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Matthew Rossi","raw_affiliation_strings":["Università degli Studi di Bergamo,Italy"],"affiliations":[{"raw_affiliation_string":"Università degli Studi di Bergamo,Italy","institution_ids":["https://openalex.org/I11039511"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018550804","display_name":"Michele Beretta","orcid":"https://orcid.org/0009-0003-4026-8589"},"institutions":[{"id":"https://openalex.org/I11039511","display_name":"University 
of Bergamo","ror":"https://ror.org/02mbd5571","country_code":"IT","type":"education","lineage":["https://openalex.org/I11039511"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Michele Beretta","raw_affiliation_strings":["Università degli Studi di Bergamo,Italy"],"affiliations":[{"raw_affiliation_string":"Università degli Studi di Bergamo,Italy","institution_ids":["https://openalex.org/I11039511"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050640141","display_name":"Dario Facchinetti","orcid":"https://orcid.org/0000-0001-7534-6055"},"institutions":[{"id":"https://openalex.org/I11039511","display_name":"University of Bergamo","ror":"https://ror.org/02mbd5571","country_code":"IT","type":"education","lineage":["https://openalex.org/I11039511"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Dario Facchinetti","raw_affiliation_strings":["Università degli Studi di Bergamo,Italy"],"affiliations":[{"raw_affiliation_string":"Università degli Studi di Bergamo,Italy","institution_ids":["https://openalex.org/I11039511"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026292704","display_name":"Stefano Paraboschi","orcid":"https://orcid.org/0000-0003-0399-1738"},"institutions":[{"id":"https://openalex.org/I11039511","display_name":"University of Bergamo","ror":"https://ror.org/02mbd5571","country_code":"IT","type":"education","lineage":["https://openalex.org/I11039511"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Stefano Paraboschi","raw_affiliation_strings":["Università degli Studi di Bergamo,Italy"],"affiliations":[{"raw_affiliation_string":"Università degli Studi di 
Bergamo,Italy","institution_ids":["https://openalex.org/I11039511"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5062999439"],"corresponding_institution_ids":["https://openalex.org/I11039511"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.7368661,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10715","display_name":"Distributed and Parallel Computing Systems","score":0.20659999549388885,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10715","display_name":"Distributed and Parallel Computing Systems","score":0.20659999549388885,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10101","display_name":"Cloud Computing and Resource Management","score":0.16769999265670776,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in 
Computing","score":0.15559999644756317,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.732200026512146},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6873999834060669},{"id":"https://openalex.org/keywords/scheduling","display_name":"Scheduling (production processes)","score":0.5709999799728394},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.4959999918937683},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.46389999985694885},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.42879998683929443},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.4036000072956085},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.3772999942302704},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.34459999203681946}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8263000249862671},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.732200026512146},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6873999834060669},{"id":"https://openalex.org/C206729178","wikidata":"https://www.wikidata.org/wiki/Q2271896","display_name":"Scheduling (production 
processes)","level":2,"score":0.5709999799728394},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.4959999918937683},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4724000096321106},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.46389999985694885},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.44440001249313354},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.42879998683929443},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.4036000072956085},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.3772999942302704},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.34459999203681946},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.34290000796318054},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.33500000834465027},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.3264000117778778},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security 
analysis","level":2,"score":0.30730000138282776},{"id":"https://openalex.org/C111873713","wikidata":"https://www.wikidata.org/wiki/Q1641413","display_name":"Job scheduler","level":3,"score":0.30079999566078186},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.30079999566078186},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.30000001192092896},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2935999929904938},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2791999876499176},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.27869999408721924},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.27639999985694885},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.26899999380111694},{"id":"https://openalex.org/C51332947","wikidata":"https://www.wikidata.org/wiki/Q1172305","display_name":"Shared resource","level":2,"score":0.26499998569488525}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/cloudcom67567.2025.11331483","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cloudcom67567.2025.11331483","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cloud Computing Technology and Science 
(CloudCom)","raw_type":"proceedings-article"},{"id":"pmh:oai:aisberg.unibg.it:10446/317168","is_oa":false,"landing_page_url":"https://hdl.handle.net/10446/317168","pdf_url":null,"source":{"id":"https://openalex.org/S4377196347","display_name":"Aisberg (University of Bergamo)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11039511","host_organization_name":"University of Bergamo","host_organization_lineage":["https://openalex.org/I11039511"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1941646418","https://openalex.org/W1971743564","https://openalex.org/W1985229168","https://openalex.org/W2108343462","https://openalex.org/W2115334003","https://openalex.org/W2141992894","https://openalex.org/W2336467084","https://openalex.org/W2644225658","https://openalex.org/W2754249243","https://openalex.org/W3172661776","https://openalex.org/W4281680218","https://openalex.org/W4283371092","https://openalex.org/W4382456751","https://openalex.org/W4383221427","https://openalex.org/W4383221434","https://openalex.org/W4383221474","https://openalex.org/W4387321188","https://openalex.org/W4393145346","https://openalex.org/W4405576838","https://openalex.org/W4411151752","https://openalex.org/W4413175941","https://openalex.org/W4413175984"],"related_works":[],"abstract_inverted_index":{"Scheduling":[0],"pods":[1],"on":[2,116],"separate":[3],"physical":[4],"nodes":[5],"is":[6,20,45],"a":[7],"crucial":[8],"strategy":[9],"to":[10,49,58,69],"isolate":[11],"workloads":[12,114],"with":[13,130],"incompatible":[14],"s
ecurity":[15,117],"requirements.":[16,118],"In":[17],"Kubernetes,":[18],"this":[19,121,139],"enforced":[21],"using":[22,72],"metadata":[23],"such":[24],"as":[25],"node":[26],"selectors,":[27],"affinity":[28],"rules,":[29],"and":[30,47,61,80,107,111,147,167],"topology":[31],"spread":[32],"constraints,":[33],"all":[34],"manually":[35],"defined":[36,74],"by":[37,83],"developers":[38],"at":[39,76],"resource":[40,97],"creation.":[41],"The":[42,89,158],"aforementioned":[43],"process":[44],"complex":[46],"prone":[48],"errors,":[50],"frequently":[51],"resulting":[52],"in":[53],"misconfigurations":[54],"that":[55],"expose":[56],"systems":[57],"data":[59],"breaches":[60],"regulatory":[62],"violations.":[63],"This":[64],"paper":[65],"proposes":[66],"an":[67],"approach":[68,140],"constrain":[70],"scheduling":[71,110],"policies":[73,146],"once":[75],"the":[77,125,162,168],"cluster":[78],"level":[79],"automatically":[81],"evaluated":[82],"Kubernetes":[84,127],"during":[85],"each":[86],"workload":[87],"deployment.":[88],"advantages":[90],"are":[91],"(i)":[92],"automatic":[93],"rejection":[94],"of":[95,113,164],"uncompliant":[96],"creation":[98],"requests,":[99],"(ii)":[100],"streamlined":[101],"support":[102],"for":[103,133],"executing":[104],"multi-tenant":[105],"workloads,":[106],"(iii)":[108],"secure":[109],"deployment":[112],"based":[115],"To":[119],"implement":[120],"solution,":[122],"we":[123],"integrate":[124],"native":[126],"node-filtering":[128],"capabilities":[129],"OPA":[131],"Gatekeeper":[132],"policy":[134],"enforcement.":[135],"We":[136],"demonstrate":[137],"how":[138],"reliably":[141],"enforces":[142],"common":[143],"corporate":[144],"governance":[145],"analyze":[148],"its":[149],"performance":[150],"advantage":[151],"over":[152],"isolation":[153],"achieved":[154],"solely":[155],"through":[156],"sandboxing.":[157],"experimental":[159],"evaluation":[160],"confirms":[161],"effectiveness":[163],"our":[165],"proposal":[166],"minimal":[169],"overhead.":[170]},"counts_by_
year":[],"updated_date":"2026-02-23T20:09:44.859080","created_date":"2026-01-21T00:00:00"}
