Jump to: navigation, search

Security/Threat Analysis/Meetings/07-03-14

  • 19:00] == shohel02 [c1eada7a@gateway/web/freenode/ip.193.234.218.122] has joined ##openstack-threat-analysis
  • [19:01] <shohel02> Hi all
  • [19:01] <udit> hello
  • [19:01] <shohel02> hi Udit
  • [19:03] <paulmo> Hey!
  • [19:03] <shohel02> hey paulom, hw it going
  • [19:03] <shohel02> *paulmo*
  • [19:03] <paulmo> Good; glad you are driving threat modeling btw. :)
  • [19:04] <shohel02> yes, looks like we have low attendance today
  • [19:04] <shohel02> some other people also promised to join
  • [19:04] <paulmo> shohel02: What would help a lot is to post the time/location for this meeting on a wiki (or maybe I missed it).
  • [19:05] <shohel02> yes i did it
  • [19:05] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis/
  • [19:05] <shohel02> Meeting section
  • [19:05] <shohel02> can we improve it some how
  • [19:06] <paulmo> Oh, sorry, that must have been added after I did some searching… my bad!
  • [19:06] <shohel02> yes, just updated this week...so it might be that
  • [19:07] <shohel02> We are low in numbers but still should we start the meeting
  • [19:08] <shohel02> I think we start now and lets see if others join
  • [19:08] <paulmo> Sure
  • [19:09] <shohel02> #startmeeting OpenStack Threat Modelling
  • [19:09] <shohel02> Some recap from last meeting.
  • [19:09] <shohel02> this what we discussed
  • [19:10] <shohel02> 1) A common framework for threat modelling of all openstack project
  • [19:10] <shohel02> 2) Some of us are working on Keystone Threat modelling     - Action point: engagement with keystone developers
  • [19:10] <shohel02> 3) Threat modelling can also be performed for other project in OpenStack e.g., Solum
  • [19:10] == bknudson [bknudson@nat/ibm/x-yupaaiitpfhxrhqp] has joined ##openstack-threat-analysis
  • [19:11] <shohel02> hi bknudson
  • [19:11] <bknudson> hi
  • [19:11] <shohel02> we have just started
  • [19:11] <paulmo> PS: solum is nearing milestone 1 and I plan to create threat models at each milestone if possible/feasible.
  • [19:11] <shohel02> sounds good
  • [19:12] <shohel02> couple of things has been done after the last meeting
  • [19:12] <shohel02> 1) Updating the Threat Modeling wiki page, so the information is update also meeting schedule is there
  • [19:12] <shohel02> https://wiki.openstack.org/wiki/Security/Threat_Analysis
  • [19:13] <shohel02> Any comment what can be included in the wiki or feel free to edit it
  • [19:14] <paulmo> Thanks for creating/posting those detailed steps/guidance.
  • [19:15] <shohel02> thanks , ok then move to the keystone work
  • [19:15] <shohel02> #Topic Keystone  Threat modelling status update
  • [19:15] <shohel02> We are continuing the work. We are ready to publish threat analysis report for another  component - Auth_token Middleware
  • [19:16] <shohel02> All these are WIP documents
  • [19:16] <shohel02> can be found in https://drive.google.com/file/d/0B1aEVfmQtqnoT28wd2Z1QTNaVXM/edit?usp=sharing
  • [19:16] <shohel02> In addition some correction are made to earlier files:
  • [19:17] <shohel02> for the token provider    https://drive.google.com/file/d/0B1aEVfmQtqnoejN1T1kybjlnMkk/edit?usp=sharing
  • [19:17] <shohel02> We are working on threat modelling of Token Manager/API and Policy Manger
  • [19:17] <paulmo> Love those diagrams and detail!
  • [19:18] <shohel02> There is need for reviewing this docs, so that we can improve align with Keystone developers
  • [19:18] <shohel02> bknudson do you have any thoughts on this
  • [19:18] <shohel02> thanks paulmo
  • [19:18] <bknudson> shohel02: looking at it now.
  • [19:19] <paulmo> Sorry for a tangent but uuid4() is deemed to have a suitable PRNG correct?  (this comes up often in the ML it seems)
  • [19:20] <shohel02> yes.. its correct
  • [19:21] <shohel02> Probably we need to remove threats, which are not feasible, and threats we have not considered yet
  • [19:21] <bknudson> shohel02: the assumption here shouldn't be a-priori -- 4 Signing cert and certificate authority are obtained and distributed in a secure way.
  • [19:21] <bknudson> because the auth_token middleware actually fetches the signing cert from keystone.
  • [19:22] <shohel02> ah haa!
  • [19:22] <paulmo> Didn't get a chance to dig too deep (you may have done this already) but I always like identifying local vs remote attacks where possible.
  • [19:22] <bknudson> also, I think another "objective" should be to provide the user info to the application... e.g., the roles.
  • [19:22] <shohel02> then there is a issue with certificate provision happens in auth_token
  • [19:23] <shohel02> ok, i  note that one
  • [19:23] <bknudson> yes, we need to consider potential abuses
  • [19:23] <bknudson> we had a vulnerability already around this
  • [19:23] <bknudson> the signing cert could be put into /tmp/keystone or something... but somebody could sneak in and create /tmp/keystone and spoof it.
  • [19:25] <shohel02> an internal attack is possible
  • [19:27] <shohel02> thanks bknudson
  • [19:28] <shohel02> One of the issue i would like to discuss is how we can collaborate and Way of working
  • [19:29] <shohel02> Should we form some small team where we publish all the WIP docs and each other gives feedback/review
  • [19:33] <paulmo> That sounds like a good idea to me
  • [19:33] <shohel02> ok
  • [19:33] <paulmo> It will also help train folks on the standard we create for threat models
  • [19:33] <shohel02> yes definitely
  • [19:34] <shohel02> Ok, then any other issues
  • [19:35] <shohel02> bknudson any thought
  • [19:35] <bknudson> shohel02: the doc is looking good so far.
  • [19:35] <bknudson> I assume there's work in progress here.
  • [19:36] <shohel02> ok, then we are almost end of the meeting (30 min)
  • [19:36] <bknudson> I'm on 3.2 Entry points -- what's the public port / private port mean? I think the only entry point to the auth_token middleware is essentially the paste pipeline.
  • [19:36] <bknudson> it's not accepting connections itself
  • [19:37] <bknudson> auth_token has to trust the wsgi container implicitly
  • [19:37] <shohel02> ok
  • [19:37] <shohel02> we thought it from different angle
  • [19:37] <bknudson> well, maybe I just don't know what the definition of an entry point is from a threat analysis viewpoint.
  • [19:38] <shohel02> public is the one where auth_token receives request client side
  • [19:38] <shohel02> and private one is the port it creates when validating UUID token
  • [19:38] <bknudson> that's provided by the wsgi container
  • [19:38] <shohel02> but may be our definition is wrong
  • [19:39] <bknudson> if it's "any way that data can get into auth_token from outside" ... that would include config files, too, I guess.
  • [19:40] <bknudson> and I can see how communicating with identity server is a private port that auth_token creates.
  • [19:43] <shohel02> thats good point, we check again how we can would be entry points
  • [19:43] <bknudson> shohel02: the doc is looking good so far
  • [19:44] <shohel02> thanks, so should we conclude the meeting now
  • [19:44] <paulmo> See you next time!
  • [19:44] <bknudson> thanks for setting this up!
  • [19:45] <shohel02> I will create a group , so send all the updated docs to interested people
  • [19:45] <bknudson> when's the next meeting?
  • [19:45] <shohel02> and we start working :)
  • [19:45] <shohel02> thanks everyone for joining
  • [19:45] <bknudson> btw - I did mention this work at the keystone meeting.
  • [19:45] <bknudson> so they know about it
  • [19:45] <shohel02> thanks
  • [19:45] <shohel02> for that
  • [19:45] <bknudson> and gyee mentioned that security group at hp had maybe done threat analysis.
  • [19:46] <shohel02> hmm
  • [19:46] <shohel02> lets see clark can engage some one from that team
  • [19:47] <shohel02> *Rob Clark*
  • [19:47] <shohel02> ok guys thanks for joining
  • [19:47] <shohel02> have a g8 weekend
  • [19:49] <shohel02> #endmeeting