Difference between revisions of "Security/Threat Analysis/Meetings/07-03-14"
< Security | Threat Analysis | Meetings
(07-03-14) |
|||
Line 1: | Line 1: | ||
− | 19:00] == shohel02 [c1eada7a@gateway/web/freenode/ip.193.234.218.122] has joined ##openstack-threat-analysis | + | * 19:00] == shohel02 [c1eada7a@gateway/web/freenode/ip.193.234.218.122] has joined ##openstack-threat-analysis |
− | [19:01] <shohel02> Hi all | + | * [19:01] <shohel02> Hi all |
− | [19:01] <udit> hello | + | * [19:01] <udit> hello |
− | [19:01] <shohel02> hi Udit | + | * [19:01] <shohel02> hi Udit |
− | [19:03] <paulmo> Hey! | + | * [19:03] <paulmo> Hey! |
− | [19:03] <shohel02> hey paulom, hw it going | + | * [19:03] <shohel02> hey paulom, hw it going |
− | [19:03] <shohel02> *paulmo* | + | * [19:03] <shohel02> *paulmo* |
− | [19:03] <paulmo> Good; glad you are driving threat modeling btw. :) | + | * [19:03] <paulmo> Good; glad you are driving threat modeling btw. :) |
− | [19:04] <shohel02> yes, looks like we have low attendance today | + | * [19:04] <shohel02> yes, looks like we have low attendance today |
− | [19:04] <shohel02> some other people also promised to join | + | * [19:04] <shohel02> some other people also promised to join |
− | [19:04] <paulmo> shohel02: What would help a lot is to post the time/location for this meeting on a wiki (or maybe I missed it). | + | * [19:04] <paulmo> shohel02: What would help a lot is to post the time/location for this meeting on a wiki (or maybe I missed it). |
− | [19:05] <shohel02> yes i did it | + | * [19:05] <shohel02> yes i did it |
− | [19:05] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis/ | + | * [19:05] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis/ |
− | [19:05] <shohel02> Meeting section | + | * [19:05] <shohel02> Meeting section |
− | [19:05] <shohel02> can we improve it some how | + | * [19:05] <shohel02> can we improve it some how |
− | [19:06] <paulmo> Oh, sorry, that must have been added after I did some searching… my bad! | + | * [19:06] <paulmo> Oh, sorry, that must have been added after I did some searching… my bad! |
− | [19:06] <shohel02> yes, just updated this week...so it might be that | + | * [19:06] <shohel02> yes, just updated this week...so it might be that |
− | [19:07] <shohel02> We are low in numbers but still should we start the meeting | + | * [19:07] <shohel02> We are low in numbers but still should we start the meeting |
− | [19:08] <shohel02> I think we start now and lets see if others join | + | * [19:08] <shohel02> I think we start now and lets see if others join |
− | [19:08] <paulmo> Sure | + | * [19:08] <paulmo> Sure |
− | [19:09] <shohel02> #startmeeting OpenStack Threat Modelling | + | * [19:09] <shohel02> #startmeeting OpenStack Threat Modelling |
− | [19:09] <shohel02> Some recap from last meeting. | + | * [19:09] <shohel02> Some recap from last meeting. |
− | [19:09] <shohel02> this what we discussed | + | * [19:09] <shohel02> this what we discussed |
− | [19:10] <shohel02> 1) A common framework for threat modelling of all openstack project | + | * [19:10] <shohel02> 1) A common framework for threat modelling of all openstack project |
− | [19:10] <shohel02> 2) Some of us are working on Keystone Threat modelling - Action point: engagement with keystone developers | + | * [19:10] <shohel02> 2) Some of us are working on Keystone Threat modelling - Action point: engagement with keystone developers |
− | [19:10] <shohel02> 3) Threat modelling can also be performed for other project in OpenStack e.g., Solum | + | * [19:10] <shohel02> 3) Threat modelling can also be performed for other project in OpenStack e.g., Solum |
− | [19:10] == bknudson [bknudson@nat/ibm/x-yupaaiitpfhxrhqp] has joined ##openstack-threat-analysis | + | * [19:10] == bknudson [bknudson@nat/ibm/x-yupaaiitpfhxrhqp] has joined ##openstack-threat-analysis |
− | [19:11] <shohel02> hi bknudson | + | * [19:11] <shohel02> hi bknudson |
− | [19:11] <bknudson> hi | + | * [19:11] <bknudson> hi |
− | [19:11] <shohel02> we have just started | + | * [19:11] <shohel02> we have just started |
− | [19:11] <paulmo> PS: solum is nearing milestone 1 and I plan to create threat models at each milestone if possible/feasible. | + | * [19:11] <paulmo> PS: solum is nearing milestone 1 and I plan to create threat models at each milestone if possible/feasible. |
− | [19:11] <shohel02> sounds good | + | * [19:11] <shohel02> sounds good |
− | [19:12] <shohel02> couple of things has been done after the last meeting | + | * [19:12] <shohel02> couple of things has been done after the last meeting |
− | [19:12] <shohel02> 1) Updating the Threat Modeling wiki page, so the information is update also meeting schedule is there | + | * [19:12] <shohel02> 1) Updating the Threat Modeling wiki page, so the information is update also meeting schedule is there |
− | [19:12] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis | + | * [19:12] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis |
− | [19:13] <shohel02> Any comment what can be included in the wiki or feel free to edit it | + | * [19:13] <shohel02> Any comment what can be included in the wiki or feel free to edit it |
− | [19:14] <paulmo> Thanks for creating/posting those detailed steps/guidance. | + | * [19:14] <paulmo> Thanks for creating/posting those detailed steps/guidance. |
− | [19:15] <shohel02> thanks , ok then move to the keystone work | + | * [19:15] <shohel02> thanks , ok then move to the keystone work |
− | [19:15] <shohel02> #Topic Keystone Threat modelling status update | + | * [19:15] <shohel02> #Topic Keystone Threat modelling status update |
− | [19:15] <shohel02> We are continuing the work. We are ready to publish threat analysis report for another component - Auth_token Middleware | + | * [19:15] <shohel02> We are continuing the work. We are ready to publish threat analysis report for another component - Auth_token Middleware |
− | [19:16] <shohel02> All these are WIP documents | + | * [19:16] <shohel02> All these are WIP documents |
− | [19:16] <shohel02> can be found in https://drive.google.com/file/d/0B1aEVfmQtqnoT28wd2Z1QTNaVXM/edit?usp=sharing | + | * [19:16] <shohel02> can be found in https://drive.google.com/file/d/0B1aEVfmQtqnoT28wd2Z1QTNaVXM/edit?usp=sharing |
− | [19:16] <shohel02> In addition some correction are made to earlier files: | + | * [19:16] <shohel02> In addition some correction are made to earlier files: |
− | [19:17] <shohel02> for the token provider https://drive.google.com/file/d/0B1aEVfmQtqnoejN1T1kybjlnMkk/edit?usp=sharing | + | * [19:17] <shohel02> for the token provider https://drive.google.com/file/d/0B1aEVfmQtqnoejN1T1kybjlnMkk/edit?usp=sharing |
− | [19:17] <shohel02> We are working on threat modelling of Token Manager/API and Policy Manger | + | * [19:17] <shohel02> We are working on threat modelling of Token Manager/API and Policy Manger |
− | [19:17] <paulmo> Love those diagrams and detail! | + | * [19:17] <paulmo> Love those diagrams and detail! |
− | [19:18] <shohel02> There is need for reviewing this docs, so that we can improve align with Keystone developers | + | * [19:18] <shohel02> There is need for reviewing this docs, so that we can improve align with Keystone developers |
− | [19:18] <shohel02> bknudson do you have any thoughts on this | + | * [19:18] <shohel02> bknudson do you have any thoughts on this |
− | [19:18] <shohel02> thanks paulmo | + | * [19:18] <shohel02> thanks paulmo |
− | [19:18] <bknudson> shohel02: looking at it now. | + | * [19:18] <bknudson> shohel02: looking at it now. |
− | [19:19] <paulmo> Sorry for a tangent but uuid4() is deemed to have a suitable PRNG correct? (this comes up often in the ML it seems) | + | * [19:19] <paulmo> Sorry for a tangent but uuid4() is deemed to have a suitable PRNG correct? (this comes up often in the ML it seems) |
− | [19:20] <shohel02> yes.. its correct | + | * [19:20] <shohel02> yes.. its correct |
− | [19:21] <shohel02> Probably we need to remove threats, which are not feasible, and threats we have not considered yet | + | * [19:21] <shohel02> Probably we need to remove threats, which are not feasible, and threats we have not considered yet |
− | [19:21] <bknudson> shohel02: the assumption here shouldn't be a-priori -- 4 Signing cert and certificate authority are obtained and distributed in a secure way. | + | * [19:21] <bknudson> shohel02: the assumption here shouldn't be a-priori -- 4 Signing cert and certificate authority are obtained and distributed in a secure way. |
− | [19:21] <bknudson> because the auth_token middleware actually fetches the signing cert from keystone. | + | * [19:21] <bknudson> because the auth_token middleware actually fetches the signing cert from keystone. |
− | [19:22] <shohel02> ah haa! | + | * [19:22] <shohel02> ah haa! |
− | [19:22] <paulmo> Didn't get a chance to dig too deep (you may have done this already) but I always like identifying local vs remote attacks where possible. | + | * [19:22] <paulmo> Didn't get a chance to dig too deep (you may have done this already) but I always like identifying local vs remote attacks where possible. |
− | [19:22] <bknudson> also, I think another "objective" should be to provide the user info to the application... e.g., the roles. | + | * [19:22] <bknudson> also, I think another "objective" should be to provide the user info to the application... e.g., the roles. |
− | [19:22] <shohel02> then there is a issue with certificate provision happens in auth_token | + | * [19:22] <shohel02> then there is a issue with certificate provision happens in auth_token |
− | [19:23] <shohel02> ok, i note that one | + | * [19:23] <shohel02> ok, i note that one |
− | [19:23] <bknudson> yes, we need to consider potential abuses | + | * [19:23] <bknudson> yes, we need to consider potential abuses |
− | [19:23] <bknudson> we had a vulnerability already around this | + | * [19:23] <bknudson> we had a vulnerability already around this |
− | [19:23] <bknudson> the signing cert could be put into /tmp/keystone or something... but somebody could sneak in and create /tmp/keystone and spoof it. | + | * [19:23] <bknudson> the signing cert could be put into /tmp/keystone or something... but somebody could sneak in and create /tmp/keystone and spoof it. |
− | [19:25] <shohel02> an internal attack is possible | + | * [19:25] <shohel02> an internal attack is possible |
− | [19:27] <shohel02> thanks bknudson | + | * [19:27] <shohel02> thanks bknudson |
− | [19:28] <shohel02> One of the issue i would like to discuss is how we can collaborate and Way of working | + | * [19:28] <shohel02> One of the issue i would like to discuss is how we can collaborate and Way of working |
− | [19:29] <shohel02> Should we form some small team where we publish all the WIP docs and each other gives feedback/review | + | * [19:29] <shohel02> Should we form some small team where we publish all the WIP docs and each other gives feedback/review |
− | [19:33] <paulmo> That sounds like a good idea to me | + | * [19:33] <paulmo> That sounds like a good idea to me |
− | [19:33] <shohel02> ok | + | * [19:33] <shohel02> ok |
− | [19:33] <paulmo> It will also help train folks on the standard we create for threat models | + | * [19:33] <paulmo> It will also help train folks on the standard we create for threat models |
− | [19:33] <shohel02> yes definitely | + | * [19:33] <shohel02> yes definitely |
− | [19:34] <shohel02> Ok, then any other issues | + | * [19:34] <shohel02> Ok, then any other issues |
− | [19:35] <shohel02> bknudson any thought | + | * [19:35] <shohel02> bknudson any thought |
− | [19:35] <bknudson> shohel02: the doc is looking good so far. | + | * [19:35] <bknudson> shohel02: the doc is looking good so far. |
− | [19:35] <bknudson> I assume there's work in progress here. | + | * [19:35] <bknudson> I assume there's work in progress here. |
− | [19:36] <shohel02> ok, then we are almost end of the meeting (30 min) | + | * [19:36] <shohel02> ok, then we are almost end of the meeting (30 min) |
− | [19:36] <bknudson> I'm on 3.2 Entry points -- what's the public port / private port mean? I think the only entry point to the auth_token middleware is essentially the paste pipeline. | + | * [19:36] <bknudson> I'm on 3.2 Entry points -- what's the public port / private port mean? I think the only entry point to the auth_token middleware is essentially the paste pipeline. |
− | [19:36] <bknudson> it's not accepting connections itself | + | * [19:36] <bknudson> it's not accepting connections itself |
− | [19:37] <bknudson> auth_token has to trust the wsgi container implicitly | + | * [19:37] <bknudson> auth_token has to trust the wsgi container implicitly |
− | [19:37] <shohel02> ok | + | * [19:37] <shohel02> ok |
− | [19:37] <shohel02> we thought it from different angle | + | * [19:37] <shohel02> we thought it from different angle |
− | [19:37] <bknudson> well, maybe I just don't know what the definition of an entry point is from a threat analysis viewpoint. | + | * [19:37] <bknudson> well, maybe I just don't know what the definition of an entry point is from a threat analysis viewpoint. |
− | [19:38] <shohel02> public is the one where auth_token receives request client side | + | * [19:38] <shohel02> public is the one where auth_token receives request client side |
− | [19:38] <shohel02> and private one is the port it creates when validating UUID token | + | * [19:38] <shohel02> and private one is the port it creates when validating UUID token |
− | [19:38] <bknudson> that's provided by the wsgi container | + | * [19:38] <bknudson> that's provided by the wsgi container |
− | [19:38] <shohel02> but may be our definition is wrong | + | * [19:38] <shohel02> but may be our definition is wrong |
− | [19:39] <bknudson> if it's "any way that data can get into auth_token from outside" ... that would include config files, too, I guess. | + | * [19:39] <bknudson> if it's "any way that data can get into auth_token from outside" ... that would include config files, too, I guess. |
− | [19:40] <bknudson> and I can see how communicating with identity server is a private port that auth_token creates. | + | * [19:40] <bknudson> and I can see how communicating with identity server is a private port that auth_token creates. |
− | [19:43] <shohel02> thats good point, we check again how we can would be entry points | + | * [19:43] <shohel02> thats good point, we check again how we can would be entry points |
− | [19:43] <bknudson> shohel02: the doc is looking good so far | + | * [19:43] <bknudson> shohel02: the doc is looking good so far |
− | [19:44] <shohel02> thanks, so should we conclude the meeting now | + | * [19:44] <shohel02> thanks, so should we conclude the meeting now |
− | [19:44] <paulmo> See you next time! | + | * [19:44] <paulmo> See you next time! |
− | [19:44] <bknudson> thanks for setting this up! | + | * [19:44] <bknudson> thanks for setting this up! |
− | [19:45] <shohel02> I will create a group , so send all the updated docs to interested people | + | * [19:45] <shohel02> I will create a group , so send all the updated docs to interested people |
− | [19:45] <bknudson> when's the next meeting? | + | * [19:45] <bknudson> when's the next meeting? |
− | [19:45] <shohel02> and we start working :) | + | * [19:45] <shohel02> and we start working :) |
− | [19:45] <shohel02> thanks everyone for joining | + | * [19:45] <shohel02> thanks everyone for joining |
− | [19:45] <bknudson> btw - I did mention this work at the keystone meeting. | + | * [19:45] <bknudson> btw - I did mention this work at the keystone meeting. |
− | [19:45] <bknudson> so they know about it | + | * [19:45] <bknudson> so they know about it |
− | [19:45] <shohel02> thanks | + | * [19:45] <shohel02> thanks |
− | [19:45] <shohel02> for that | + | * [19:45] <shohel02> for that |
− | [19:45] <bknudson> and gyee mentioned that security group at hp had maybe done threat analysis. | + | * [19:45] <bknudson> and gyee mentioned that security group at hp had maybe done threat analysis. |
− | [19:46] <shohel02> hmm | + | * [19:46] <shohel02> hmm |
− | [19:46] <shohel02> lets see clark can engage some one from that team | + | * [19:46] <shohel02> lets see clark can engage some one from that team |
− | [19:47] <shohel02> *Rob Clark* | + | * [19:47] <shohel02> *Rob Clark* |
− | [19:47] <shohel02> ok guys thanks for joining | + | * [19:47] <shohel02> ok guys thanks for joining |
− | [19:47] <shohel02> have a g8 weekend | + | * [19:47] <shohel02> have a g8 weekend |
− | [19:49] <shohel02> #endmeeting | + | * [19:49] <shohel02> #endmeeting |
+ | * |
Latest revision as of 09:05, 18 March 2014
- 19:00] == shohel02 [c1eada7a@gateway/web/freenode/ip.193.234.218.122] has joined ##openstack-threat-analysis
- [19:01] <shohel02> Hi all
- [19:01] <udit> hello
- [19:01] <shohel02> hi Udit
- [19:03] <paulmo> Hey!
- [19:03] <shohel02> hey paulom, hw it going
- [19:03] <shohel02> *paulmo*
- [19:03] <paulmo> Good; glad you are driving threat modeling btw. :)
- [19:04] <shohel02> yes, looks like we have low attendance today
- [19:04] <shohel02> some other people also promised to join
- [19:04] <paulmo> shohel02: What would help a lot is to post the time/location for this meeting on a wiki (or maybe I missed it).
- [19:05] <shohel02> yes i did it
- [19:05] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis/
- [19:05] <shohel02> Meeting section
- [19:05] <shohel02> can we improve it some how
- [19:06] <paulmo> Oh, sorry, that must have been added after I did some searching… my bad!
- [19:06] <shohel02> yes, just updated this week...so it might be that
- [19:07] <shohel02> We are low in numbers but still should we start the meeting
- [19:08] <shohel02> I think we start now and lets see if others join
- [19:08] <paulmo> Sure
- [19:09] <shohel02> #startmeeting OpenStack Threat Modelling
- [19:09] <shohel02> Some recap from last meeting.
- [19:09] <shohel02> this what we discussed
- [19:10] <shohel02> 1) A common framework for threat modelling of all openstack project
- [19:10] <shohel02> 2) Some of us are working on Keystone Threat modelling - Action point: engagement with keystone developers
- [19:10] <shohel02> 3) Threat modelling can also be performed for other project in OpenStack e.g., Solum
- [19:10] == bknudson [bknudson@nat/ibm/x-yupaaiitpfhxrhqp] has joined ##openstack-threat-analysis
- [19:11] <shohel02> hi bknudson
- [19:11] <bknudson> hi
- [19:11] <shohel02> we have just started
- [19:11] <paulmo> PS: solum is nearing milestone 1 and I plan to create threat models at each milestone if possible/feasible.
- [19:11] <shohel02> sounds good
- [19:12] <shohel02> couple of things has been done after the last meeting
- [19:12] <shohel02> 1) Updating the Threat Modeling wiki page, so the information is update also meeting schedule is there
- [19:12] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis
- [19:13] <shohel02> Any comment what can be included in the wiki or feel free to edit it
- [19:14] <paulmo> Thanks for creating/posting those detailed steps/guidance.
- [19:15] <shohel02> thanks , ok then move to the keystone work
- [19:15] <shohel02> #Topic Keystone Threat modelling status update
- [19:15] <shohel02> We are continuing the work. We are ready to publish threat analysis report for another component - Auth_token Middleware
- [19:16] <shohel02> All these are WIP documents
- [19:16] <shohel02> can be found in https://drive.google.com/file/d/0B1aEVfmQtqnoT28wd2Z1QTNaVXM/edit?usp=sharing
- [19:16] <shohel02> In addition some correction are made to earlier files:
- [19:17] <shohel02> for the token provider https://drive.google.com/file/d/0B1aEVfmQtqnoejN1T1kybjlnMkk/edit?usp=sharing
- [19:17] <shohel02> We are working on threat modelling of Token Manager/API and Policy Manger
- [19:17] <paulmo> Love those diagrams and detail!
- [19:18] <shohel02> There is need for reviewing this docs, so that we can improve align with Keystone developers
- [19:18] <shohel02> bknudson do you have any thoughts on this
- [19:18] <shohel02> thanks paulmo
- [19:18] <bknudson> shohel02: looking at it now.
- [19:19] <paulmo> Sorry for a tangent but uuid4() is deemed to have a suitable PRNG correct? (this comes up often in the ML it seems)
- [19:20] <shohel02> yes.. its correct
- [19:21] <shohel02> Probably we need to remove threats, which are not feasible, and threats we have not considered yet
- [19:21] <bknudson> shohel02: the assumption here shouldn't be a-priori -- 4 Signing cert and certificate authority are obtained and distributed in a secure way.
- [19:21] <bknudson> because the auth_token middleware actually fetches the signing cert from keystone.
- [19:22] <shohel02> ah haa!
- [19:22] <paulmo> Didn't get a chance to dig too deep (you may have done this already) but I always like identifying local vs remote attacks where possible.
- [19:22] <bknudson> also, I think another "objective" should be to provide the user info to the application... e.g., the roles.
- [19:22] <shohel02> then there is a issue with certificate provision happens in auth_token
- [19:23] <shohel02> ok, i note that one
- [19:23] <bknudson> yes, we need to consider potential abuses
- [19:23] <bknudson> we had a vulnerability already around this
- [19:23] <bknudson> the signing cert could be put into /tmp/keystone or something... but somebody could sneak in and create /tmp/keystone and spoof it.
- [19:25] <shohel02> an internal attack is possible
- [19:27] <shohel02> thanks bknudson
- [19:28] <shohel02> One of the issue i would like to discuss is how we can collaborate and Way of working
- [19:29] <shohel02> Should we form some small team where we publish all the WIP docs and each other gives feedback/review
- [19:33] <paulmo> That sounds like a good idea to me
- [19:33] <shohel02> ok
- [19:33] <paulmo> It will also help train folks on the standard we create for threat models
- [19:33] <shohel02> yes definitely
- [19:34] <shohel02> Ok, then any other issues
- [19:35] <shohel02> bknudson any thought
- [19:35] <bknudson> shohel02: the doc is looking good so far.
- [19:35] <bknudson> I assume there's work in progress here.
- [19:36] <shohel02> ok, then we are almost end of the meeting (30 min)
- [19:36] <bknudson> I'm on 3.2 Entry points -- what's the public port / private port mean? I think the only entry point to the auth_token middleware is essentially the paste pipeline.
- [19:36] <bknudson> it's not accepting connections itself
- [19:37] <bknudson> auth_token has to trust the wsgi container implicitly
- [19:37] <shohel02> ok
- [19:37] <shohel02> we thought it from different angle
- [19:37] <bknudson> well, maybe I just don't know what the definition of an entry point is from a threat analysis viewpoint.
- [19:38] <shohel02> public is the one where auth_token receives request client side
- [19:38] <shohel02> and private one is the port it creates when validating UUID token
- [19:38] <bknudson> that's provided by the wsgi container
- [19:38] <shohel02> but may be our definition is wrong
- [19:39] <bknudson> if it's "any way that data can get into auth_token from outside" ... that would include config files, too, I guess.
- [19:40] <bknudson> and I can see how communicating with identity server is a private port that auth_token creates.
- [19:43] <shohel02> thats good point, we check again how we can would be entry points
- [19:43] <bknudson> shohel02: the doc is looking good so far
- [19:44] <shohel02> thanks, so should we conclude the meeting now
- [19:44] <paulmo> See you next time!
- [19:44] <bknudson> thanks for setting this up!
- [19:45] <shohel02> I will create a group , so send all the updated docs to interested people
- [19:45] <bknudson> when's the next meeting?
- [19:45] <shohel02> and we start working :)
- [19:45] <shohel02> thanks everyone for joining
- [19:45] <bknudson> btw - I did mention this work at the keystone meeting.
- [19:45] <bknudson> so they know about it
- [19:45] <shohel02> thanks
- [19:45] <shohel02> for that
- [19:45] <bknudson> and gyee mentioned that security group at hp had maybe done threat analysis.
- [19:46] <shohel02> hmm
- [19:46] <shohel02> lets see clark can engage some one from that team
- [19:47] <shohel02> *Rob Clark*
- [19:47] <shohel02> ok guys thanks for joining
- [19:47] <shohel02> have a g8 weekend
- [19:49] <shohel02> #endmeeting