Longhorn Project Security Self-Assessment - Security Pals #1183
Conversation
github-actions
bot
requested review from
anvega,
ashutosh-narkar and
ragashreeshekar
Makesh-Srinivasan
force-pushed
the
main
branch
from
3635c93
to
fc381af
Compare
✅ Deploy Preview for tag-security canceled.
|
Makesh-Srinivasan
force-pushed
the
main
branch
from
fc381af
to
9b97d97
Compare
|
Hi there, and thanks for your work on this Self Assessment! We'll be leaving comments in the document as part of our review to help ensure that your PR gets accepted. As always, follow-up questions are welcome and encouraged during the review. |
There was a problem hiding this comment.
Thanks for the PR @Makesh-Srinivasan and team, appreciate the efforts.
I have completed first pass of review. Please feel free to reach out here or on slack for any questions and clarifications.
Along with addressing the comments, kindly update the PR branch with the latest content in the repo as this branch is out-of-date with the base branch.
Makesh-Srinivasan
force-pushed
the
main
branch
from
053de67
to
2034d13
Compare
Signed-off-by: Makesh Srinivasan <[email protected]> Co-authored-by: Yoon Cho <[email protected]> Co-authored-by: Metun <[email protected]> Co-authored-by: Yukai Xue <[email protected]>
Makesh-Srinivasan
force-pushed
the
main
branch
from
2034d13
to
39cfda1
Compare
|
Hello reviewers and others, I have squashed the commits after making all the changes requested and based on the feedback that's been provided during to review to ensure that everything is as ready as possible to merge when it's time. I have also ensured that our PR branch is up-do-date with the repository's base branch. I would be happy to answer any further questions that you might have, kindly let me know. Thanks! |
Co-authored-by: torinvdb <[email protected]> Signed-off-by: Raga <[email protected]>
Co-authored-by: torinvdb <[email protected]> Signed-off-by: Raga <[email protected]>
Signed-off-by: Raga <[email protected]>
| ### 3. STRIDE Analysis | ||
|
|
||
| #### 3.1 Spoofing | ||
| **Threats**: | ||
| - Unauthorised access to the Longhorn management interface or API. | ||
| - Impersonation of Longhorn components or services. | ||
|
|
||
| **Mitigations**: | ||
| - Implement strong authentication mechanisms for API and management interface access. | ||
| - Use mutual TLS (mTLS) for internal communications. | ||
|
|
||
| #### 3.2 Tampering | ||
| **Threats**: | ||
| - Unauthorised modifications to data in transit or at rest. | ||
| - Tampering with Longhorn configuration or codebase. | ||
|
|
||
| **Mitigations**: | ||
| - Enable data encryption at rest and in transit. | ||
| - Ensure data integrity through checksums and replication verification. | ||
| - Employ strict access controls and code signing for codebase and configurations. | ||
|
|
||
| #### 3.3 Repudiation | ||
| **Threats**: | ||
| - Denial of actions performed by users or internal processes. | ||
| - Lack of auditing trails for critical operations. | ||
|
|
||
| **Mitigations**: | ||
| - Implement comprehensive logging and auditing mechanisms. | ||
| - Ensure that all critical actions are traceable to specific users or entities. | ||
|
|
||
| #### 3.4 Information Disclosure | ||
| **Threats**: | ||
| - Unauthorised access to sensitive data stored in Longhorn volumes. | ||
| - Exposure of internal configuration or metadata. | ||
|
|
||
| **Mitigations**: | ||
| - Enforce strict access controls to data volumes. | ||
| - Use encryption to protect sensitive data. | ||
| - Restrict access to internal metadata and configuration details. | ||
|
|
||
| #### 3.5 Denial of Service (DoS) | ||
| **Threats**: | ||
| - Overloading the Longhorn system, leading to unavailability. | ||
| - Exploiting vulnerabilities to crash the system or degrade performance. | ||
|
|
||
| **Mitigations**: | ||
| - Implement rate limiting and access controls. | ||
| - Design for high availability and resilience. | ||
| - Regularly update and patch to address known vulnerabilities. | ||
|
|
||
| #### 3.6 Elevation of Privilege | ||
| **Threats**: | ||
| - Exploitation of vulnerabilities to gain higher privileges. | ||
| - Unauthorised access leading to control over Longhorn operations. | ||
|
|
||
| **Mitigations**: | ||
| - Adhere to the principle of least privilege in access controls. | ||
| - Regular security assessments and penetration testing. | ||
| - Monitor and promptly update software components to address vulnerabilities. | ||
|
|
||
| ### 4. Conclusion | ||
| This STRIDE threat model for Longhorn identifies key areas of potential security risks and provides a foundation for implementing effective security measures. Regular updates, vigilant monitoring, and adherence to security best practices are essential to maintain the security and integrity of the Longhorn system. | ||
|
|
||
| </details> | ||
|
|
||
|
|
||
| <details> | ||
|
|
||
| <summary>Longhorn Lightweight Threat Model</summary> |
There was a problem hiding this comment.
@ragashreeshekar Is this supposed to be inlined here or moved to a different document?
There was a problem hiding this comment.
It is also mentioned in the document a few places. This may be fine but would need to be patched up if it is externalized.
There was a problem hiding this comment.
Moved threat model to separate document and updated the self-assessment document.
Signed-off-by: Raga <[email protected]>
Signed-off-by: Raga <[email protected]>
Created and added first draft for Longhorn Project Security Self-Assessment. Please feel free to share your feedback on the security self-assessment.