...

Currently, EVE has no capability for securing data at rest. This is being designed and implemented. While EVE provides [1]. With this, EVE will provide capabilities such as file system encryption, but it is up to the EVE Controller to make use of these capabilities to achieve a security goal. For this, EVE needs to define its interface towards the EVE Controller and provide a way to define security policies from the Controller. This proposal defines such an interface.

...

focuses more on the interaction between EVE and EVE controller in the context of realising a use case that the user might have to secure data processed on the EVE platform.

Sample Use Cases 

Assuming that EVE provides a capability to store some files in an encrypted filesystem:
a) A user might want to run the Edge Containers out of this secure file system, so that data stored by these Edge Containers is stored in encrypted form at rest. A user might do this to prevent an attacker from reading the application data if the EVE node is stolen or the drive is taken out.
b) A user might also wish to store sensitive parts of the EVE configuration (e.g. image data store credentials) under this secure file system, so that they stay encrypted at rest.

...

Possible Approaches

We are exploring two options for implementing such an interface, and we will discuss them in detail below.

Option 1: Process security config during pillar container launch

Option 2: Process security config inside ZedAgent service

Process security config during pillar container launch

...

Current Workflow in Provisioning EVE

The current user-driven device management event flow, at a high level, is as follows:


New Stage in the Workflow - The Security Policy Enforcement 

We propose a new stage/API in EVE provisioning, where the controller can enforce the device policies on EVE before EVE launches the pillar microservices. We need this framework because:

...

Therefore the proposed user-driven device management event flow will be as follows.

Vault Manager to anchor handling of security policies

This module in EVE will be responsible for periodically fetching device policies from the controller and enforcing them on the device. More details are given in [Ref. 1].

...

Break-up of the

...

proposed security config

The policies are grouped into two major categories:

  • Data At Rest Policies
  • Data In Transit Policies (mostly a placeholder for now, added for future use)

Data at Rest Policy

Data-at-rest security applies to the mutable, business-sensitive data of Application Instances and to the storage of EVE's sensitive configuration information. Application instance mutable business-sensitive data will be stored in a reserved partition/directory, and the security policy configuration will be applied to it.

...

  • encryption algorithm
  • data handling policy
  • data recovery policy
  • key rotation policy
  • key information

Encryption Algorithm

This specifies the encryption algorithm to be used for data-at-rest security [Ref. 1].

  • NONE
  • AES256
  • ADIANTUM

Data handling policy

The data handling policy will define how sensitive storage data is handled on an encryption algorithm change,

...

some user-defined policy in the controller module.

Data Recovery Policy

When an EVE node faces network outage, it will keep operating, using the last known policy configuration.

...

The user has to ensure that the proper configuration is stored on the USB stick, or enter it through the keyboard.

Key rotation policy

This will define whether key rotation is activated. The key rotation policy itself lives in the controller and will not be communicated to EVE.

Keys

This consists of a set of key information entries (max. 2). For a key rotation scheme, a maximum of two keys will be communicated to the EVE node: the controller will store and publish the last published key along with the most current key. This covers the case where the EVE node was not able to communicate with the controller at the time of a rotation.
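The two-key scheme above, worked through as an added example in Go (not EVE's own code): the controller's published set is checked against the "max. 2" rule, and a node that comes back online decides from the key it currently uses whether it is up to date, one rotation behind, or has missed more than one rotation and must fall back to the data recovery policy. The KeyInfo/KeySet shapes, field names and the version ordering are assumptions, not the proposal's wire format.

```go
package main

import "fmt"

// KeyInfo is an assumed shape for one entry of the policy's "keys" field.
type KeyInfo struct {
	ID      string
	Version uint32 // higher = published more recently
}

// KeySet holds what the controller publishes for key rotation: at most two
// keys, the last published one and the most current one (assumed shape).
type KeySet []KeyInfo

// Validate enforces the limit the proposal states: one or two keys, and two
// keys must not share a version.
func (s KeySet) Validate() error {
	if n := len(s); n < 1 || n > 2 {
		return fmt.Errorf("expected 1 or 2 keys, got %d", n)
	}
	if len(s) == 2 && s[0].Version == s[1].Version {
		return fmt.Errorf("keys must have distinct versions")
	}
	return nil
}

// RotationAction tells a node what to do given the ID of the key it uses now:
// "keep" if that is the newest published key, "rotate" if it is the older one,
// or an error if it is neither, meaning the node was offline across more than
// one rotation and must take the data recovery path instead.
func (s KeySet) RotationAction(inUse string) (string, error) {
	if err := s.Validate(); err != nil {
		return "", err
	}
	newest := s[0]
	if len(s) == 2 && s[1].Version > newest.Version {
		newest = s[1]
	}
	if inUse == newest.ID {
		return "keep", nil
	}
	for _, k := range s {
		if k.ID == inUse {
			return "rotate", nil // still on the previously published key
		}
	}
	return "", fmt.Errorf("key %q is no longer published; recovery required", inUse)
}
```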

Data in transit policy (mostly a placeholder for now; details kept brief)

Currently, data in transit is secured through TLS 1.2 for configuration, status and information exchange between the controller and EVE. Data-in-transit security for Application Instance data traffic is the prerogative of the application software and is out of scope for the current proposal. The data-in-transit security policy applies to sensitive object-level configuration data in transit between the controller software and the end user (the downloader) inside EVE, viz. data store credentials. This will be done using the device cert/key pair. The sensitive EVE configuration will be stored in encrypted form (ciphertext) until it is ready for use by the downloader.

...