Security/Threat Analysis/Meetings/07-03-14

Revision as of 09:04, 18 March 2014

[19:00] == shohel02 [c1eada7a@gateway/web/freenode/ip.193.234.218.122] has joined ##openstack-threat-analysis
[19:01] <shohel02> Hi all
[19:01] <udit> hello
[19:01] <shohel02> hi Udit
[19:03] <paulmo> Hey!
[19:03] <shohel02> hey paulom, hw it going
[19:03] <shohel02> *paulmo*
[19:03] <paulmo> Good; glad you are driving threat modeling btw. :)
[19:04] <shohel02> yes, looks like we have low attendance today
[19:04] <shohel02> some other people also promised to join
[19:04] <paulmo> shohel02: What would help a lot is to post the time/location for this meeting on a wiki (or maybe I missed it).
[19:05] <shohel02> yes i did it
[19:05] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis/
[19:05] <shohel02> Meeting section
[19:05] <shohel02> can we improve it somehow
[19:06] <paulmo> Oh, sorry, that must have been added after I did some searching... my bad!
[19:06] <shohel02> yes, just updated this week...so it might be that
[19:07] <shohel02> We are low in numbers but still should we start the meeting
[19:08] <shohel02> I think we start now and let's see if others join
[19:08] <paulmo> Sure
[19:09] <shohel02> #startmeeting OpenStack Threat Modelling
[19:09] <shohel02> Some recap from last meeting.
[19:09] <shohel02> this is what we discussed
[19:10] <shohel02> 1) A common framework for threat modelling of all openstack projects
[19:10] <shohel02> 2) Some of us are working on Keystone Threat modelling - Action point: engagement with keystone developers
[19:10] <shohel02> 3) Threat modelling can also be performed for other projects in OpenStack e.g., Solum
[19:10] == bknudson [bknudson@nat/ibm/x-yupaaiitpfhxrhqp] has joined ##openstack-threat-analysis
[19:11] <shohel02> hi bknudson
[19:11] <bknudson> hi
[19:11] <shohel02> we have just started
[19:11] <paulmo> PS: solum is nearing milestone 1 and I plan to create threat models at each milestone if possible/feasible.
[19:11] <shohel02> sounds good
[19:12] <shohel02> a couple of things have been done after the last meeting
[19:12] <shohel02> 1) Updating the Threat Modeling wiki page, so the information is updated; also the meeting schedule is there
[19:12] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis
[19:13] <shohel02> Any comment on what can be included in the wiki, or feel free to edit it
[19:14] <paulmo> Thanks for creating/posting those detailed steps/guidance.
[19:15] <shohel02> thanks, ok then move to the keystone work
[19:15] <shohel02> #Topic Keystone Threat modelling status update
[19:15] <shohel02> We are continuing the work. We are ready to publish the threat analysis report for another component - Auth_token Middleware
[19:16] <shohel02> All these are WIP documents
[19:16] <shohel02> can be found in https://drive.google.com/file/d/0B1aEVfmQtqnoT28wd2Z1QTNaVXM/edit?usp=sharing
[19:16] <shohel02> In addition some corrections are made to earlier files:
[19:17] <shohel02> for the token provider https://drive.google.com/file/d/0B1aEVfmQtqnoejN1T1kybjlnMkk/edit?usp=sharing
[19:17] <shohel02> We are working on threat modelling of Token Manager/API and Policy Manager
[19:17] <paulmo> Love those diagrams and detail!
[19:18] <shohel02> There is a need for reviewing these docs, so that we can improve alignment with Keystone developers
[19:18] <shohel02> bknudson do you have any thoughts on this
[19:18] <shohel02> thanks paulmo
[19:18] <bknudson> shohel02: looking at it now.
[19:19] <paulmo> Sorry for a tangent but uuid4() is deemed to have a suitable PRNG correct? (this comes up often in the ML it seems)
[19:20] <shohel02> yes.. it's correct
[19:21] <shohel02> Probably we need to remove threats which are not feasible, and add threats we have not considered yet
[19:21] <bknudson> shohel02: the assumption here shouldn't be a priori -- 4 Signing cert and certificate authority are obtained and distributed in a secure way.
[19:21] <bknudson> because the auth_token middleware actually fetches the signing cert from keystone.
[19:22] <shohel02> ah haa!
[19:22] <paulmo> Didn't get a chance to dig too deep (you may have done this already) but I always like identifying local vs remote attacks where possible.
[19:22] <bknudson> also, I think another "objective" should be to provide the user info to the application... e.g., the roles.
[19:22] <shohel02> then there is an issue with how certificate provision happens in auth_token
[19:23] <shohel02> ok, i note that one
[19:23] <bknudson> yes, we need to consider potential abuses
[19:23] <bknudson> we had a vulnerability already around this
[19:23] <bknudson> the signing cert could be put into /tmp/keystone or something... but somebody could sneak in and create /tmp/keystone and spoof it.
[19:25] <shohel02> an internal attack is possible
[19:27] <shohel02> thanks bknudson
[19:28] <shohel02> One of the issues i would like to discuss is how we can collaborate and our way of working
[19:29] <shohel02> Should we form some small team where we publish all the WIP docs and each other gives feedback/review
[19:33] <paulmo> That sounds like a good idea to me
[19:33] <shohel02> ok
[19:33] <paulmo> It will also help train folks on the standard we create for threat models
[19:33] <shohel02> yes definitely
[19:34] <shohel02> Ok, then any other issues
[19:35] <shohel02> bknudson any thought
[19:35] <bknudson> shohel02: the doc is looking good so far.
[19:35] <bknudson> I assume there's work in progress here.
[19:36] <shohel02> ok, then we are almost at the end of the meeting (30 min)
[19:36] <bknudson> I'm on 3.2 Entry points -- what do the public port / private port mean? I think the only entry point to the auth_token middleware is essentially the paste pipeline.
[19:36] <bknudson> it's not accepting connections itself
[19:37] <bknudson> auth_token has to trust the wsgi container implicitly
[19:37] <shohel02> ok
[19:37] <shohel02> we thought of it from a different angle
[19:37] <bknudson> well, maybe I just don't know what the definition of an entry point is from a threat analysis viewpoint.
[19:38] <shohel02> public is the one where auth_token receives the request on the client side
[19:38] <shohel02> and private one is the port it creates when validating a UUID token
[19:38] <bknudson> that's provided by the wsgi container
[19:38] <shohel02> but maybe our definition is wrong
[19:39] <bknudson> if it's "any way that data can get into auth_token from outside" ... that would include config files, too, I guess.
[19:40] <bknudson> and I can see how communicating with the identity server is a private port that auth_token creates.
[19:43] <shohel02> that's a good point, we will check again what the entry points would be
[19:43] <bknudson> shohel02: the doc is looking good so far
[19:44] <shohel02> thanks, so should we conclude the meeting now
[19:44] <paulmo> See you next time!
[19:44] <bknudson> thanks for setting this up!
[19:45] <shohel02> I will create a group, so send all the updated docs to interested people
[19:45] <bknudson> when's the next meeting?
[19:45] <shohel02> and we start working :)
[19:45] <shohel02> thanks everyone for joining
[19:45] <bknudson> btw - I did mention this work at the keystone meeting.
[19:45] <bknudson> so they know about it
[19:45] <shohel02> thanks
[19:45] <shohel02> for that
[19:45] <bknudson> and gyee mentioned that the security group at hp had maybe done threat analysis.
[19:46] <shohel02> hmm
[19:46] <shohel02> let's see if clark can engage someone from that team
[19:47] <shohel02> *Rob Clark*
[19:47] <shohel02> ok guys thanks for joining
[19:47] <shohel02> have a g8 weekend
[19:49] <shohel02> #endmeeting