Attacker goals #35
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -10,3 +10,10 @@ It is assumed that an attacker may perform one or more the following actions: | |||||
|
|
||||||
| While it is not always possible to protect against all scenarios, the system should to the extent possible mitigate and/or reduce the damage caused by a successful attack, detect the occurrence of an attack and notify appropriate parties, yet remain usable for parties operating the system. Furthermore, the system should recover from successful attacks in a way that presents low operational overhead and risk to users. | ||||||
|
|
||||||
| Attacker Goals: | ||||||
| 1. Trying to have a party install a malicious image under the attackers control. | ||||||
JustinCappos marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| 2. Trying to have a party install an outdated image. For example, one with known security vulnerabilities. | ||||||
|
There was a problem hiding this comment. Change "an outdated image" to "an image who's signature has been revoked by the signer" or something to that effect. That avoids us defining what outdated is, leaving the definition up to the signer to determine and implement according to their own policies. There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. This changes the meaning a bit. The prior also would include artifacts that were not the latest (when the latest is requested), but this seems to imply those are fine. There was a problem hiding this comment. I updated my change. In some cases, someone might pull an old image by digest on purpose, and as long as the signature is still valid, this should be accepted, which is the subtlety I was trying to add. But yes, it still needs to use the latest tag mapping when tags are used. |
||||||
| 3. Making images unavailable for installation. | ||||||
|
There was a problem hiding this comment. For Notary, we could phrase this "Disrupt the verification of image signatures." There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. This is a bit more specific. I don't know if it matters, but it reads like your text is a special case of mine... There was a problem hiding this comment. I was trying to make it clear that DoS attacks are out of scope, but there might be a better way to word this. |
||||||
| 4. Preventing a party from learning about updates to currently installed images. | ||||||
JustinCappos marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| 5. Convincing a party to download large amounts of data that interfere with the party's system. | ||||||
|
There was a problem hiding this comment. To scope this to Notary, we could say something like "Inject a malicious (oversized) signature that disrupts verification" (my phrasing could use improvement). The manifest itself will have a size limit imposed by many runtimes (like containerd), see this OCI issue for more context. The manifest includes descriptors that provide both the digest and size of the blob, so if the manifest digest is signed and verified, the only gap for us to cover is the signature artifact itself. There was a problem hiding this comment. We had a good discussion about size attacks, and I thought we decided to scope this out of Notary. Registries already have mechanisms to cope with DOS attacks, and the descriptor already has enough info for artifact clients to gate these.
JustinCappos marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| 6. Enabling future attacks of the above types to be carried out more easily. For example, by causing a party to trust the attacker's key. | ||||||
JustinCappos marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd change "install" to "deploy" to better align with container terminology.