Fany Muhammad Fahmi Kamilah, - (2025) PERANCANGAN ARSITEKTUR PENYEDIAAN SERVER DENGAN PENGAMANAN MENGGUNAKAN VIRTUALISASI DAN KONTAINERISASI. S1 thesis, Universitas Pendidikan Indonesia.
Abstract
Perkembangan server multi-tenant menjadi tantangan kritis di era digital, terutama seiring meningkatnya kompleksitas ancaman siber seperti Remote Code Execution (RCE), Privilege Escalation, dan Sandbox Escape. Penelitian ini bertujuan merancang arsitektur server multi-tenant yang aman dengan menggabungkan pendekatan virtualisasi menggunakan Proxmox dan kontainerisasi berbasis K3S untuk meningkatkan isolasi sumber daya dan meminimalisir dampak serangan. Metode penelitian menggunakan pendekatan Design and Development (D&D) dengan tahapan analisis, desain arsitektur hybrid, dan pengujian melalui analisis serangan berbasis Attack Path Analysis. Hasil penelitian menunjukkan bahwa arsitektur hybrid ini berhasil menciptakan isolasi hierarkis melalui kombinasi lapisan virtual machine (VM) menggunakan Proxmox dan isolasi kontainer dengan K3S, diperkuat oleh segmentasi jaringan menggunakan VXLAN. Analisa serangan terstruktur mengungkapkan bahwa penyerang memerlukan minimal 7 tahap eksploitasi melintasi VM, kontainer, dan jaringan untuk memengaruhi tenant lain, karena terdapatnya pengamanan berlapis. Hasil dari attack path analysis ini menunjukan bahwa integrasi virtualisasi dan kontainerisasi dapat memberikan barimeter keamanan berlapis sehingga penyerang untuk dapat mencapai target atau sistem utama harus melakukan eksploitasi disetiap langkah dikarenakan adanya isolasi pada arsitektur yang diimplementasikan. ---------- The development of multi-tenant servers is a critical challenge in the digital era, especially as the complexity of cyber threats such as Remote Code Execution (RCE), Privilege Escalation, and Sandbox Escape increases. This research aims to design a secure multi-tenant server architecture by combining virtualization approaches using Proxmox and K3S-based containerization to improve resource isolation and minimize the impact of attacks. The research method uses a Design and Development (D&D) approach with stages of analysis, hybrid architecture design, and testing through Attack Path Analysis-based attack analysis. The results show that this hybrid architecture successfully creates hierarchical isolation through a combination of virtual machine (VM) layers using Proxmox and container isolation with K3S, reinforced by network segmentation using VXLAN. Structured attack analysis revealed that an attacker requires a minimum of 7 stages of exploitation across VMs, containers, and networks to affect other tenants, due to the presence of layered security. The results of this attack path analysis show that the integration of virtualization and containerization can provide a layered security barimeter so that attackers to reach the target or main system must perform exploitation at each step due to the isolation of the implemented architecture.
![[img]](http://repository.upi.edu/style/images/fileicons/text.png) |
Text
S_TEKOM_2004339_Title.pdf Download (606kB) |
|
Text
S_TEKOM_2004339_Chapter1.pdf Download (278kB) |
|
Text
S_TEKOM_2004339_Chapter2.pdf Restricted to Staf Perpustakaan Download (41kB) |
|
Text
S_TEKOM_2004339_Chapter3.pdf Restricted to Staf Perpustakaan Download (175kB) |
|
Text
S_TEKOM_2004339_Chapter4.pdf Restricted to Staf Perpustakaan Download (470kB) |
|
Text
S_TEKOM_2004339_Chapter5.pdf Download (15kB) |
|
Text
S_TEKOM_2004339_Appendix.pdf Download (11kB) |
| Item Type: | Thesis (S1) |
|---|---|
| Additional Information: | https://scholar.google.com/citations?user=XLb32icAAAAJ |
| Uncontrolled Keywords: | Keamanan Server, Virtualisasi, Kontainerisasi, Proxmox, K3S, RCE, VXLAN.Server Security |
| Subjects: | L Education > L Education (General) Q Science > QA Mathematics > QA75 Electronic computers. Computer science T Technology > T Technology (General) |
| Divisions: | UPI Kampus cibiru > S1 Teknik Komputer |
| Depositing User: | Fany Muhammad Fahmi Kamilah |
| Date Deposited: | 06 Mar 2025 06:50 |
| Last Modified: | 06 Mar 2025 06:50 |
| URI: | http://repository.upi.edu/id/eprint/130842 |
Actions (login required)
 |
View Item |