Comments (7)
Some notes from our threat model review discussion:
ReviewOfPARSECThreatModel-200407.txt
from parsec.
On the points raised above:
It might be helpful to show where data assets are exposed on the data flow diagram.
Agree. We will change that.
Is the secret Authentication Token the asset that must be protected, rather than the Application Identity, that is not secret?
That is correct! Will rename Application Identity -> Authentication Token
The Key Mapping store is vulnerable to tampering, as by Attacker – A6 and should be listed as an asset.
That is correct! Should add.
Mitigation A-3 typo?
Mitigation A-2 typo?
Well spotted! Those should be assumptions, will find another group of letters.
If some sensitive data is going to be logged to persistent storage, possibly need encrypted file system.
True! We might be safer by checking that we do not log confidential data. I am sure we can log meaningful information without being too informative.
In general, it looks like information disclosure from within the process hasn’t been considered. E.g. Auth Token exposed in memory after use.
That is something we thought separately from the TM (in #122). We should definitely add it in the TM in the Information Disclosure attacks.
Is the key data stored on-disk protected enough just by OS permissions? Does it need to be encrypted? Protected with HMAC?
We agree that this is a bit light. We created #118 to start thinking about options. Will add HMAC to the list.
Are not in the scope of the Threat Model, but could need their own TM to derive general security requirements for clients.
That is a good point, and as we are starting developing the Rust Client, we should also think about creating a threat model for it.
Make sure the findings of the threat modelling are acted on, e.g. by tracking tasks to: implement the Mitigations; document recommendations for the Operational Mitigations and document the risks and limitations due to the Unmitigations.
Great remark, will do that as soon as the review period for the TM is over.
It might be helpful to give recommendations or examples for a secure Linux environment:
We will think about adding in our documentation an example of a secure deployment implementing all our operation mitigations.
from parsec.
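As an added illustration of the HMAC option discussed for the on-disk key data (this is example code, not Parsec's own store format or implementation): the key mapping store is written as a canonical JSON body prefixed with an HMAC-SHA256 tag, and the tag is verified before the body is parsed, so an edit of the file by Attacker A6 is detected. It assumes the integrity key is held by the service outside the store; HMAC gives integrity only, not the confidentiality an encrypted file system would add.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def seal_mapping(mapping, integrity_key):
    """Serialise the key mapping and prefix it with an HMAC-SHA256 tag.

    The tag covers the canonical JSON body, so any edit to an application
    name, a provider name or a key identifier changes the expected tag.
    """
    body = json.dumps(mapping, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(integrity_key, body, hashlib.sha256).digest()
    return tag + body

def open_mapping(blob, integrity_key):
    """Verify the tag first; refuse to parse a store that does not verify."""
    if len(blob) < TAG_LEN:
        raise ValueError("key mapping store truncated")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(integrity_key, body, hashlib.sha256).digest()
    # constant-time comparison so the check itself does not leak the tag
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key mapping store failed integrity check")
    return json.loads(body)

def is_intact(blob, integrity_key):
    """True if the store verifies under this key, False otherwise."""
    try:
        open_mapping(blob, integrity_key)
        return True
    except ValueError:
        return False

# Constructed sample (hypothetical layout): one application mapped to a
# provider and a key identifier; not Parsec's real mapping schema.
SAMPLE = {"app-a": {"provider": "tpm", "key_id": "0x81000001"}}

def demo():
    key = b"\x01" * 32  # stand-in; a deployment uses a random service secret
    blob = seal_mapping(SAMPLE, key)
    # Simulated tampering on disk: re-point app-a to a different key id.
    tampered = blob.replace(b"0x81000001", b"0x81000002")
    return is_intact(blob, key), is_intact(tampered, key)

if __name__ == "__main__":
    print(demo())  # (True, False)
```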
Although the Threat Model has been merged, keeping this for review.
from parsec.
The Parsec Threat Model can be found at: https://parallaxsecond.github.io/parsec-book/threat_model/threat_model.html
from parsec.
Will create issues to address those points as soon as the review period of the TM is over.
from parsec.
Created:
I've also recently updated #122 to be in sync with the PSA Crypto spec recommendations.
from parsec.
Service and Rust client TM have now been updated and published, and the recommendations here have all been addressed.
from parsec.