Space Satellite Cyber Security. Zero Trust Framework with AccuKnox FORTRESS

Edited: November 18, 2025

Space systems are adopting containerized architectures but face unique cybersecurity risks. AccuKnox FORTRESS applies zero-trust security to protect satellite applications with runtime enforcement and workload identity.

TLDR

  • Modern satellite constellations, especially in LEO, face significant cybersecurity risks due to containerized workloads, supply chain vulnerabilities, and intermittent connectivity.
  • AccuKnox’s FORTRESS (Framework for Operational Resilience and Trust in Space Systems) implements a zero-trust framework specifically designed for space, ensuring “never trust, always verify” with least privilege enforcement.
  • FORTRESS leverages KubeArmor for kernel-level runtime security, SPIFFE for workload identity, and integrates security into CI/CD pipelines with automated policy orchestration.
  • It offers granular kernel-level enforcement using eBPF, adaptive policy enforcement for on-orbit autonomy, and hardware-software co-design for robust protection.
  • FORTRESS provides constellation-wide security management, secures workload deployment, enforces real-time kernel-level policies, and integrates with hardware security features, validated through adversarial testing.

Low Earth Orbit (LEO) satellite constellations increasingly rely on containerized and virtualized workloads for agility and cost efficiency. This shift introduces new attack surfaces, including supply chain risks from third-party payloads and challenges in enforcing security across dynamic, intermittently connected environments. FORTRESS (Framework for Operational Resilience and Trust in Space Systems) addresses these challenges with a zero trust framework optimized for space satellite systems.

Security Challenges in Modern Space Architectures

Space systems face constraints and threat vectors distinct from terrestrial networks:

| Challenge | Details |
| --- | --- |
| Containerized Payload Risks | Vendor workloads may carry malicious code or unpatched vulnerabilities. |
| Connectivity Constraints | Limited, intermittent satellite ground links hinder centralized security management. |
| Autonomous Operations | Satellites require self-healing security mechanisms during disconnections. |
| Legacy Security Model Limitations | Perimeter-based controls fail in distributed, microservice-heavy orbital environments. |

Here are the top 10 most critical security issues in space-edge systems:

  1. Wiper malware disabling ground modems (e.g., “AcidRain” knocked out thousands of KA‑SAT modems) [source]
  2. Misconfigured VPN appliances enabling lateral movement to control systems [source]
  3. Malicious firmware/legitimate update exploitation used to deliver destructive code [source]
  4. Spillover attacks on civilian infrastructure, e.g., German wind turbines losing control via satellite disruption [source]
  5. State-sponsored satellite link hijacking, notably Russia’s use of AcidRain via GRU-affiliated groups [source]
  6. Denial-of-Service against modems rendering networks unusable [source]
  7. Evolving malware strains (e.g., AcidPour) targeting embedded devices and IoT systems [source]
  8. Legacy systems with zero‑day vulnerabilities are common in satellite software stacks. [source]
  9. Hijacked telemetry/control channels, allowing unauthorized command injections from the ground [source]
  10. Ransomware infection vectors in orbit, with demonstrated 33% infection success in emulated LEO systems [source]

These issues highlight severe weaknesses, from supply chain to runtime, and underscore the urgent need for zero trust and runtime enforcement solutions.

Zero Trust Security for Space Systems with AccuKnox FORTRESS

FORTRESS integrates runtime enforcement, workload identity, and automated policy orchestration into the satellite application lifecycle. Built on field-proven edge security frameworks, it enforces least-permissive policies and secures inter-service communications across a constellation.

Applying Zero Trust Principles in Space Satellite Cyber Security:

  • Never trust, always verify: All workloads are authenticated via SPIFFE IDs.
  • Least privilege: KubeArmor enforces fine-grained policies at the system-call level.
  • Continuous validation: Policies are enforced during build, deployment, and runtime.

    Core Technical Components

    KubeArmor for Runtime Security Enforcement

    • CNCF-governed runtime policy engine for Linux containers and hosts.
    • Enforces syscall, file, and network access policies using eBPF and LSM.
    • Blocks or logs unauthorized actions in real time.

    SPIFFE for Workload Identity and Authentication

    • Assigns cryptographically verifiable identities to each workload.
    • Secures service-to-service communication with mutual TLS (mTLS).
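
Authorizing a peer by its SPIFFE ID once the mTLS handshake has verified its X.509-SVID, as an added example that is not AccuKnox or SPIFFE project code. The trust domain `constellation.example`, the service names and the allow-list are hypothetical.

```python
import re
from typing import Tuple

# Character sets allowed by the SPIFFE ID specification.
_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]+")
_PATH_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")

# Hypothetical constellation trust domain and per-service caller allow-list.
TRUSTED_DOMAINS = {"constellation.example"}
ALLOWED_CALLERS = {
    "telemetry-store": {"spiffe://constellation.example/payload/imager"},
    "attitude-control": {"spiffe://constellation.example/bus/flight-sw"},
}


def parse_spiffe_id(uri: str) -> Tuple[str, str]:
    """Return (trust_domain, path); raise ValueError if the ID is malformed."""
    if len(uri.encode("utf-8")) > 2048 or not uri.startswith("spiffe://"):
        raise ValueError("not a SPIFFE ID")
    trust_domain, slash, path = uri[len("spiffe://"):].partition("/")
    if not _TRUST_DOMAIN.fullmatch(trust_domain):
        raise ValueError("invalid trust domain")
    if slash:
        # Rejects empty segments, trailing slashes, dot segments, queries and fragments.
        for segment in path.split("/"):
            if segment in (".", "..") or not _PATH_SEGMENT.fullmatch(segment):
                raise ValueError("invalid path segment")
    return trust_domain, slash + path


def authorize(peer_id: str, service: str) -> bool:
    """Default deny: well-formed ID, trusted domain, and explicit allow-list entry."""
    try:
        trust_domain, _ = parse_spiffe_id(peer_id)
    except ValueError:
        return False
    if trust_domain not in TRUSTED_DOMAINS:
        return False
    return peer_id in ALLOWED_CALLERS.get(service, set())
```

The exact-match comparison is deliberate: a malformed or path-traversing ID is rejected by the parser before it can be compared against the allow-list.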

    CI/CD Pipeline Security

    • Automatic container image scanning and signature verification.
    • Admission controllers ensure that only compliant workloads are deployed.

    Auto Discover and Enforce Policies

    • Discovery Engine derives minimal permissions for each application.

    Policies integrated into CI/CD pipelines for early enforcement:

    Figure: Our proposed deployment workflow includes policy discovery during the DevSecOps test phase for spacecraft security operations management. It combines security policy deployment with application uplink admission and least-permissive policy enforcement for host and payload apps during runtime.
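
A simplified model of the discovery step described above, added here as an illustration and not the AccuKnox Discovery Engine's code: it turns constructed test-phase telemetry into an allow-list shaped like a KubeArmorPolicy and checks later events against it. The workload name, paths and the `dir_threshold` heuristic are assumptions.

```python
from collections import defaultdict

# Constructed test-phase telemetry: (workload, operation, resource).
OBSERVED = [
    ("imager", "process", "/usr/bin/imgproc"),
    ("imager", "file", "/data/frames/0001.raw"),
    ("imager", "file", "/data/frames/0002.raw"),
    ("imager", "file", "/etc/imager/config.yaml"),
    ("imager", "network", "tcp"),
]


def discover_policy(events, workload, dir_threshold=2):
    """Derive an allow-list policy from one workload's observed behaviour."""
    seen, by_dir = defaultdict(set), defaultdict(set)
    for wl, op, resource in events:
        if wl == workload and op == "file":
            parent, _, name = resource.rpartition("/")
            by_dir[parent + "/"].add(name)
        elif wl == workload:
            seen[op].add(resource)
    # Several files in one directory become a directory rule; the rest stay exact paths.
    dirs = sorted(d for d, n in by_dir.items() if len(n) >= dir_threshold)
    paths = sorted(d + f for d, n in by_dir.items() if len(n) < dir_threshold for f in n)
    return {
        "apiVersion": "security.kubearmor.com/v1",
        "kind": "KubeArmorPolicy",
        "metadata": {"name": workload + "-least-permissive"},
        "spec": {
            "selector": {"matchLabels": {"app": workload}},
            "process": {"matchPaths": [{"path": p} for p in sorted(seen["process"])]},
            "file": {"matchDirectories": [{"dir": d} for d in dirs],
                     "matchPaths": [{"path": p} for p in paths]},
            "network": {"matchProtocols": [{"protocol": p} for p in sorted(seen["network"])]},
            "action": "Allow",
        },
    }


def is_allowed(policy, op, resource):
    """Default-deny check (a model, not KubeArmor's engine); dir rules are non-recursive."""
    spec = policy["spec"]
    if op == "process":
        return {"path": resource} in spec["process"]["matchPaths"]
    if op == "network":
        return {"protocol": resource} in spec["network"]["matchProtocols"]
    parent, _, name = resource.rpartition("/")
    in_dir = name not in ("", ".", "..") and {"dir": parent + "/"} in spec["file"]["matchDirectories"]
    return op == "file" and ({"path": resource} in spec["file"]["matchPaths"] or in_dir)
```

Anything the workload did not do during the test phase, such as spawning a shell or reading outside its data directory, falls outside the derived rules and is denied.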

    Architectural Blueprint

    Figure: The Space-edge integration of FORTRESS adds key components (in blue) to the runtime space-app environment to monitor, alert, and enforce security policies. The illustrated workflow includes policy discovery during standard DevOps test-phase preparation, spacecraft security operations management that combines security policy deployment with application uplink admission, and runtime least-permissive policy enforcement for all host and vendor application execution.

    Secure Container Lifecycle

    | Phase | Security Integration |
    | --- | --- |
    | Build | Image scanning, signature validation, policy generation. |
    | Deploy | Admission controllers enforce zero trust admission policies. |
    | Run | KubeArmor enforces least-permissive runtime policies; SPIFFE secures communication. |

    Constellation-Wide Policy Orchestration

    • Automates policy deployment and synchronization across distributed nodes.
    • Supports integration with IBM Open Horizon and Intel Smart Edge.
    Figure: Workflow for creating security blueprints, which define a tailored set of least-permissive policies that can be deployed and orchestrated across all constellation spacecraft.

    Unique Differentiators

    | Capability | Detail |
    | --- | --- |
    | Granular Kernel-Level Enforcement | Uses eBPF for efficient, tamper-resistant monitoring and enforcement. |
    | Adaptive Policy Enforcement | Adjusts in real time to workload changes, critical for on-orbit autonomy. |
    | Hardware-Software Co-Design | Integrates secure boot, TPM, and firmware integrity checks with runtime security controls. |
    | Secure Workload Deployment | Validates container images and monitors instantiation to prevent supply chain compromise. |

    FORTRESS provides a security solution for virtualized spacecraft payload applications that addresses gaps in traditional host-level and edge security tools. It offers workload-level protection by monitoring system calls and enforcing policies specific to each container’s behavior, which standard host security solutions focused on virtual machines or infrastructure typically do not provide. The platform supports containerized environments as well as VMs and bare-metal applications, allowing it to fit into different deployment models.

    In containerized space application environments, FORTRESS uses KubeArmor to adapt security policies as containers are created, updated, or terminated, maintaining consistent protection throughout the container lifecycle. By leveraging technologies like eBPF and Linux Security Modules, it enforces security at the kernel level, helping to reduce the attack surface. This approach allows it to meet the dynamic needs of spacecraft payload systems better than static security models commonly found in edge and cloud environments.

    Operating Zero Trust Across Satellite Constellations: Our approach extends virtualized container payload and spacecraft microservice security capabilities by integrating with leading industrial-edge security architectures such as IBM Open Horizon and Intel Smart Edge. We will demonstrate several key concepts during our integration into SRI’s Skyline environment.

    • Constellation-wide Security Policy Orchestration: FORTRESS will provide sophisticated policy orchestration that automates the deployment and synchronization of security policies across distributed spacecraft computing nodes. This orchestration ensures that security measures remain consistent even as payload space applications migrate across diverse and remote edge devices.
    • Secure Workload Deployment: By incorporating edge-specific deployment mechanisms, our solution ensures that containerized workloads are securely instantiated on edge devices. This includes validating containerized payload images and real-time monitoring during deployment, thereby reducing the risk of compromised workloads at the edge.
    • Real-time Kernel-level Enforcement: A critical aspect of spacecraft software protection is enforcing software policies at the kernel level with sufficient granularity to maintain both application and host-level stability. This capability enables continuous monitoring of system calls and immediate responses to anomalous behavior, which is essential for environments where spacecraft must operate independently with intermittent, low-bandwidth ground station management.
    • Integration with Hardware Security Features: In collaboration with satellite system manufacturers, our solution fully leverages hardware-based security enhancements such as secure boot and firmware integrity checks. This hardware-software co-design approach strengthens the overall security posture by addressing threats specific to spacecraft deployments.

    FORTRESS will support spacecraft and constellation-wide zero trust security management through fine-grained, least-permissive workload policy generation, deployment, and distributed policy orchestration. It addresses secure deployment, stable high-performance kernel-level enforcement, hardware-assisted security, and enhanced threat detection. These services uniquely position our project to meet the distinct challenges of space-edge protection against sophisticated adversaries.

    Adversarial Testing and Compliance

    FORTRESS integrates MITRE ATT&CK and CALDERA adversarial emulation into simulations to validate defenses. Compliance with NIST SP 800-207 and STIG guidelines ensures alignment with space system security requirements.

    | Testing Focus | Tool/Framework |
    | --- | --- |
    | Threat Modeling | MITRE ATT&CK for space-specific TTPs |
    | Adversarial Simulation | MITRE CALDERA for real-time attack emulation |
    | Compliance Validation | STIG-based checks for runtime policy enforcement |

    Final Thoughts

    FORTRESS operationalizes zero trust for space systems by uniting container security, workload identity, and CI/CD-integrated policy orchestration. It delivers resilient protection for modern satellite architectures while enabling high-tempo operations and secure third-party payload management.

    AccuKnox Zero Trust CNAPP, built for cloud-native and Kubernetes environments, has helped organizations to:

    • Detect and defend against zero-day attacks.
    • Rapidly generate reports for daily, weekly, and monthly audits. 
    • Aggregate SAST, DAST, SCA, CSPM, CWPP, and KIEM in one consolidated dashboard view.

    FAQs—FORTRESS Zero Trust Security for Space Systems

    1. What is Project FORTRESS, and what challenges does it address?
    FORTRESS (Framework for Operational Resilience and Trust in Space Systems) enhances cybersecurity for containerized and virtualized satellite workloads. It tackles risks from third-party payloads, intermittent connectivity, and the inadequacy of perimeter-based models in distributed Low Earth Orbit (LEO) environments.

    2. How does FORTRESS integrate into the satellite DevSecOps lifecycle?
    FORTRESS embeds security into every phase of application deployment. In CI/CD pipelines, container images are scanned for vulnerabilities and digitally signed before deployment. During runtime, admission controllers enforce zero trust policies, and any policy violation triggers automated remediation such as container isolation or rollback. An automated policy discovery engine defines least-permissive permissions, ensuring applications perform authorized actions only.

    3. How does FORTRESS provide on-orbit runtime security?
    FORTRESS enforces container-specific security policies, monitoring system calls and network traffic to block unauthorized behavior in real-time. Its kernel-level controls, powered by eBPF and Linux Security Modules, minimize attack surfaces and resist bypass attempts. Policies adapt dynamically as workloads change, maintaining security during updates or unexpected conditions.

    4. How is FORTRESS aligned with edge computing principles?
    Like edge platforms, satellites demand low latency, local processing, and resilience under poor connectivity. FORTRESS applies these principles in space by enabling autonomous policy enforcement and securing workload orchestration without reliance on continuous ground links.

    5. How is FORTRESS tested, and how are risks mitigated?
    FORTRESS undergoes adversarial emulation using the MITRE Caldera framework and compliance validation against STIG standards. Performance is measured to keep computational overhead under 3%. Risks such as latency, false positives, and key management are mitigated through benchmarking, iterative policy tuning, and the use of secure cryptographic key handling.
