...

  • Draft: The ONAP Security sub-committee is working on the recommendation.
  • Recommended: The ONAP Security sub-committee agrees that this is a recommendation.
  • Approved: The recommendation is approved by the TSC.

Some known threats in microservice architectures:

  1. Credential theft, then used to gain high-level privileges:
    1. Attacker analyzes the container images to steal secrets such as SSH private keys, X.509v3 certificate private keys, passwords, etc.
    2. Attacker analyzes the captured traffic among services to steal passwords and other secrets.
    3. Attacker analyzes environment variables (passed to containers) via orchestrator log files to steal passwords and other secrets.
    4. Attacker gets hold of default credentials or weak passwords.
  2. Denial of Service attacks:
    1. Attacker bombards the container services with new connections, leading to a large number of forked processes and threads and so to resource exhaustion for other workloads (containers) in the system.
    2. Attacker exploits the container to gain access to the kernel.
  3. Tampering with images (ONAP container images):
    1. Attacker places tampered images with similar-looking names in the registry, leading to containers being run from the attacker's images.

Typical vulnerabilities are:

  • Secrets/passwords/sensitive data in images
  • Unchanged default passwords
  • Weak passwords
  • Unsecured communication
  • Usage of environment variables to pass sensitive information
  • Poor security configuration
  • Vulnerable system software and libraries

Mitigation techniques are:

  • Host operating system (not applicable if ONAP is being installed in hyperscale data centers): hardened operating system, vulnerability scanning, trusted computing infrastructure
  • Container images:
    • Only include required software packages.
    • No passwords, secrets or private keys in the image.
    • Vulnerability scanning, ensuring only patched versions of the packages are used.
    • Trusted image repository / image signing by VNF vendors.
  • Container image download:
    • Secure communication with repositories.
    • Verifying the signature of images before they are launched.
    • Periodic check for patched container images from the repository.
  • Container run time:
    • Secret management
    • Mutual TLS for network security
    • IPsec for network security
    • Syscall whitelisting, MAC (Mandatory Access Control)
    • Usage of cgroups for resource isolation of all shared resources.
    • Monitoring of system call usage
    • Immutable: no run-time patches to the packages; always download the full container image.
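As an added illustration (not ONAP's own tooling, and not part of the original page), the following Python check looks for two of the vulnerabilities listed above, secrets left in image files and secrets passed through Dockerfile ENV instructions, over an extracted image filesystem. The regular expressions, credential file names and the sample rootfs and Dockerfile are constructed assumptions for this example.

```python
import re
import tempfile
from pathlib import Path
# Patterns and file names are assumptions of this example, not an ONAP-defined list.
PEM_RE = re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")
ENV_RE = re.compile(r"^\s*ENV\s+([A-Za-z_]\w*)[= ]+(\S+)", re.MULTILINE)
SECRET_NAME_RE = re.compile(r"PASS|PASSWD|SECRET|TOKEN|PRIVATE_KEY|API_KEY", re.I)
CRED_FILES = {"id_rsa", "id_ecdsa", "id_ed25519", ".netrc", ".pgpass"}
CRED_SUFFIXES = (".pem", ".key", ".p12", ".pfx")

def scan_rootfs(root):
    """Walk an extracted image filesystem; return (relative path, reason) for files
    that are well-known credential files or contain a PEM private key block."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = str(path.relative_to(root))
        if path.name in CRED_FILES or path.name.endswith(CRED_SUFFIXES):
            findings.append((rel, "credential file name"))
            continue
        try:
            head = path.read_bytes()[:65536]  # PEM headers sit near the start
        except OSError:
            continue  # unreadable entry (permissions, device node): skip it
        if PEM_RE.search(head):
            findings.append((rel, "PEM private key"))
    return findings

def scan_dockerfile(text):
    """Return (name, value) for ENV instructions whose variable name suggests a
    secret; such values land in the image config and orchestrator logs (threat 1.3)."""
    return [(m.group(1), m.group(2)) for m in ENV_RE.finditer(text)
            if SECRET_NAME_RE.search(m.group(1))]

SAMPLE_DOCKERFILE = """FROM alpine:3.19
ENV APP_PORT=8080
ENV DB_PASSWORD=hunter2
ENV API_TOKEN "constructed-token"
"""
KEY_BLOCK = b"-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n-----END OPENSSH PRIVATE KEY-----\n"

def demo():
    """Build a constructed sample rootfs in a temp dir, scan it, return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "root/.ssh").mkdir(parents=True)
        (root / "root/.ssh/id_rsa").write_bytes(KEY_BLOCK)            # flagged by name
        (root / "app").mkdir()
        (root / "app/deploy.txt").write_bytes(b"notes\n" + KEY_BLOCK)  # flagged by content
        (root / "app/server.crt").write_bytes(b"-----BEGIN CERTIFICATE-----\nx\n-----END CERTIFICATE-----\n")  # public cert, not flagged
        return scan_rootfs(root), scan_dockerfile(SAMPLE_DOCKERFILE)
```

Run against a real image by extracting it first (for example `docker save` followed by untarring each layer into one directory) and pointing scan_rootfs at that directory; the demo() function only exercises the constructed sample.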

The main captured topics (main focus areas) are:

  1. ONAP credential management and secret management
  2. Static code scanning
  3. Image signing/verification


2 ONAP Credential Management

...

  • The credential management solution MUST be able to interact with existing credential creation and validation schemes.
  • The following types of certificates SHOULD be supported by ONAP:
    • a, b, c, ... 
  • Securing the private keys: CA private keys shall be secured using HSMs (e.g. PKCS#11 for secure generation and storage of private keys).
  • Usage of certificate identity wherever possible (binding an identity to a credential using the X.509v3 certificate).

...