forked from cncf/tag-security
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #4 from ultrasaurus/general-readme
simplified readme with high level goals and link to guide
- Loading branch information
Showing
4 changed files
with
166 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# Security Assessments | ||
|
||
## Goals | ||
The [security assessment process](guide) is designed to accelerate the adoption | ||
of cloud native technologies, based on the following goals and assumptions: | ||
|
||
### 1) Reduce risk across the ecosystem | ||
|
||
The primary goal is to reduce the risk from malicious attacks and accidental breaches of privacy. This process supports that goal in two ways: | ||
|
||
* Clear and consistent process for communication increases detection & | ||
reduces time to resolve known or suspected vulnerability issues | ||
* A collaborative evaluation process increases domain expertise | ||
within each participating project. | ||
|
||
### 2) Accelerate adoption of cloud native technologies | ||
|
||
Security reviews are a necessary, yet time consuming process, where each | ||
company, organization and project must perform its own reviews to ensure | ||
that it meets its unique commitments to its own users and stakeholders. | ||
In open source, simply finding security-related information can be a very | ||
time consuming part of the the process. The process is designed to enable improved discovery of security information & streamlined security reviews in multiple ways: | ||
|
||
* Consistent documentation reduces review time | ||
* Established baseline of security-relevant information reduces Q&A | ||
* Clear rubric for security profile enables organizations to align their | ||
risk profile with project’s risk profile and effectively allocate resources | ||
(for review and needed project contribution) | ||
* Structured metadata allows for navigation, grouping and cross-linking | ||
|
||
We expect that this process will raise awareness of how specific open source | ||
projects affect the security of a cloud native system; however, separate | ||
activities may be needed to achieve that purpose using materials generated by | ||
the assessements. | ||
|
||
## Outcome | ||
|
||
Each project assessment will: | ||
1. ensure a clear description of the project's design goals with respect to | ||
security | ||
2. uncover design flaws and document known limitations | ||
3. document next steps toward increasing security of the project itself and/or | ||
increasing the applications of the project toward increasing security of the | ||
cloud native ecosystem | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,47 @@ | ||
Authors: [email protected], [email protected], [email protected], [email protected] | ||
Authors: [email protected], [email protected], [email protected], [email protected] | ||
|
||
Created: 7 March 2017 | ||
Updated: 9 April 2019 | ||
|
||
This is a living document, please feel free to add use cases and personas through a PR. We want this to be a repository of cloud native security related use cases. | ||
This is a living document, please feel free to add use cases and personas through a PR. | ||
This initial version was derived from inputs referencd below. Please add | ||
references for new use cases, which could included shared documents from other | ||
projects, published research or case studies of cloud native technologies in | ||
real world use. | ||
|
||
## References | ||
|
||
Refer: | ||
============ | ||
* SAFE Cloud Foundry Use Cases: https://goo.gl/4pmdqt | ||
* Administrators Bill of Rights: https://goo.gl/yQCxE8 | ||
|
||
SAFE Cloud Foundry Use Cases: https://goo.gl/4pmdqt | ||
Overview | ||
============ | ||
This is a list of use cases to enable secure access, policy control and safety | ||
for users of cloud native technology. | ||
|
||
Administrators Bill of Rights: https://goo.gl/yQCxE8 | ||
## Users | ||
|
||
Within an enterprise, based on the organization structure, we may have one or | ||
more of the personas. The more general user categories are | ||
separated into these more detailed personas where roles may be held by | ||
different people in a large organization. | ||
|
||
Summary | ||
============ | ||
Within an enterprise, based on the organization structure, we may have one or more of the personas. They could be from Developer, Enterprise Operator, Network Operator, End User, Infrastructure Provider. In this document, we will try to breakdown the use cases by applying bill of rights to each personas. | ||
* Operators: Enterprise, Quota, Network | ||
* Administrators: Security, Compliance/Audit | ||
* Developers, including Third Party Security Products | ||
* End-users | ||
|
||
Developer | ||
============= | ||
* As a developer, I need to provide logs for any changes to a critical resources, such that they can be made available for auditing | ||
A project will often have a very focused target audience and not all | ||
use cases are applicable in every situaton. The use cases below are a guide | ||
to consider common needs that often require support from multiple products | ||
or technologies in order to be fully functional for the target users. | ||
|
||
* As a developer, I need to be able to tag my resources so that they can be grouped by an administrator when required | ||
# Operators | ||
|
||
* As a developer I need to be able to perform an access check for a resource | ||
## Enterprise | ||
|
||
Enterprise Operator | ||
============= | ||
* As an enterprise operator, I need a central way to look at the organizational resources, so that I can administer them in a single view | ||
|
||
* As an enterprise operator, I need the ability to see what about the resource changed, who changed it and when it was changed, so that I can report on for compliance | ||
* As an enterprise operator, I need the ability to see what about the resource changed, who changed it and when it was changed, so that I can report on for compliance | ||
|
||
* As an enterprise operator, I need a way to delegate policy control to lower level admins, including sub enterprise operators, who help me scale. | ||
|
||
|
@@ -43,8 +56,19 @@ Enterprise Operator | |
* As an enterprise operator, I can understand the effect of changes to policy that I am making | ||
|
||
|
||
Quota Operator | ||
================== | ||
## Quota | ||
|
||
Since quota is often used for cost control, this may imply a different persona | ||
with financial, rather than an engineering background. | ||
|
||
An important use of quota is to protect a service from abuse. By setting a | ||
quota, we can ensure that a single individual or group cannot bring down the | ||
service for everybody else (either intentionally or unintentionally). | ||
For example, services may lack sufficient protections (such as exponential | ||
backoff) and a simple quota enforcement in front of the service can reduce the | ||
impact of repeated request on the rest of the infrastructure. | ||
|
||
|
||
|
||
* As an quota operator, I need a central way to look at the organizational resources, so that I can administer them in a single view | ||
|
||
|
@@ -61,8 +85,7 @@ Quota Operator | |
* As a quota operator, I can understand the effect of changes to quota that I am making | ||
|
||
|
||
Network Operator | ||
==================== | ||
## Network | ||
|
||
* As a network operator, I need a central way to look at the networks in my organization, so that I can administer them in a single view. | ||
|
||
|
@@ -75,20 +98,9 @@ Network Operator | |
* As a network operator, I can understand the effect of changes to network policy that I am making | ||
|
||
|
||
End User | ||
============ | ||
# Administrators | ||
|
||
* As an end user, I can understand which resources I can access and how I can request access to a resource | ||
|
||
* As an end user, I can delegate or revoke access to downstream applications/resource or other users | ||
|
||
* As an end user, I can request access to a resource and operations. | ||
|
||
* As an end user, I can understand the effect of changes to policy that I am making | ||
|
||
|
||
Compliance Officer /Auditor | ||
=============================== | ||
## Compliance Officer / Auditor | ||
|
||
* As a compliance officer, I can <a href="https://docs.google.com/document/d/19V_Vx0fdz2HOa31FpPswT9CsUphizfJcwvDJv05aWFs/edit#heading=h.norkt12d88ma" target="_blank">audit</a> all accesses and understand all policy grants for my organizations’ cloud resources - including all accesses of other administrators. | ||
|
||
|
@@ -103,8 +115,7 @@ Compliance Officer /Auditor | |
* As a compliance officer, I can configure my organization's resources to meet the requirements of relevant standards such as [PCI](https://www.pcisecuritystandards.org/), [FedRAMP](https://www.fedramp.gov/) or [HIPAA](https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/html/PLAW-104publ191.htm), and I can generate assessment and attestation artifacts showing how the relevant requirements are met. | ||
|
||
|
||
Security Administrator | ||
========================== | ||
## Security Administrator | ||
|
||
* As a security administrator, I can <a href="https://docs.google.com/document/d/19V_Vx0fdz2HOa31FpPswT9CsUphizfJcwvDJv05aWFs/edit#heading=h.ems5pk2exnlb" target="_blank">centrally administer</a> my organizations’ cloud resources. | ||
|
||
|
@@ -122,15 +133,36 @@ Security Administrator | |
|
||
* As a security administrator, I can <a href="https://docs.google.com/document/d/19V_Vx0fdz2HOa31FpPswT9CsUphizfJcwvDJv05aWFs/edit#heading=h.7wavwjkp2pz2" target="_blank">exercise the above rights in hybrid and mutli-cloud deployments</a> without compromising my ability to manage my organizations’ cloud resources. | ||
|
||
# Developers | ||
|
||
Third Party Security Product/System | ||
========================== | ||
* As a developer, I need to provide logs for any changes to a critical resources, such that they can be made available for auditing | ||
|
||
* As a developer, I need to be able to tag my resources so that they can be grouped by an administrator when required | ||
|
||
* As a developer I need to be able to perform an access check for a resource | ||
|
||
# Third Party Security Product/System | ||
|
||
* A third party system should be able to affect security policy based on assets being tagged as quarantined. | ||
|
||
* To put it more generically, I should be able to associate resources with dynamic labels/tags which can be used to trigger certain policies | ||
|
||
|
||
|
||
|
||
|
||
# End-users | ||
|
||
* As an end user, I can understand which resources I can access and how I can request access to a resource | ||
|
||
* As an end user, I can delegate or revoke access to downstream applications/resource or other users | ||
|
||
* As an end user, I can request access to a resource and operations. | ||
|
||
* As an end user, I can understand the effect of changes to policy that I am making | ||
|
||
|
||
|
||
|
||
|
||
|
||
|