This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 23
general architecture service security
chris grzegorczyk edited this page Aug 30, 2013
·
2 revisions
This is a collection of high-level security guidelines to follow when implementing a new service or intergrating an external component with Eucalyptus.
- Should require authentication and authorization for all operations/resources
- Each service that uses cryptorgraphy should have a separate set of component keys
- Should not have permissions to write into its own config files
- Should not run with root privileges
- Should protect its data from unauthorized access (in database and on the filesystem)
- Access to data should be restricted to implementing service
- Any sensitive data should be encrypted with the service's keys
- Should never store/log/transmit third-party credentials/secrets in unencrypted form
- Should verify authenticity, integrity, and timestamps of received messages
- Should have SSL support for all endpoints
- Should follow other general security guidelines as applicable
- Should follow all of the above requirement for a Eucalyptus service
- Should integrate with IAM and have support for IAM policies (all operations and resources)
- ARN support is required if AWS service supports ARNs (ARNs, IAM Support by AWS Services)
- Should support AWS Signature Version 4
- Should allow for installation of CA-signed SSL certificates for all public endpoints
- Do not allow external services direct access to any internal data (credentials, database, files, etc.)
- Use a dedicated set of credentials for authentication and communications with external services
- Contact Info
- email: architecture@eucalyptus.com
- IRC: #eucalyptus-devel (freenode)
- Eucalyptus Links