From 0ee1347bf911d9f81d2d2de19fd568d046836720 Mon Sep 17 00:00:00 2001 From: KATO Tomoyuki Date: Tue, 3 May 2016 10:00:58 +0900 Subject: [PATCH] Build Security Threat Analysis Change-Id: I764f492e762901e1ed9889924645acf1f0bca241 --- README.rst | 5 +++++ doc-tools-check-languages.conf | 1 + security-threat-analysis/source/index.rst | 1 - .../source/threat-analysis-process.rst | 22 ++++++++++--------- .../templates/architecture-page.rst | 5 ++++- tools/build-all-rst.sh | 2 ++ tox.ini | 3 ++- 7 files changed, 26 insertions(+), 13 deletions(-) diff --git a/README.rst b/README.rst index aeca2130..6b861185 100644 --- a/README.rst +++ b/README.rst @@ -10,6 +10,7 @@ It includes these manuals: * Security Guide * Security Notes + * Security Threat Analysis The Security Notes are published by the OpenStack Security Project (OSSP) to advise users of security related issues. For more information refer @@ -22,9 +23,13 @@ https://security.openstack.org/vmt-process.html. Directory Structure ------------------- + Security Guide is in the directory ``security-guide``, which source files in RST format in the directory ``security-guide/source``. +Security Threat Analysis is in the directory ``security-guide``, which source +files in RST format in the directory ``security-threat-analysis/source``. + The security notes are in the directory ``security-notes``. diff --git a/doc-tools-check-languages.conf b/doc-tools-check-languages.conf index ab0f160f..5dd67452 100644 --- a/doc-tools-check-languages.conf +++ b/doc-tools-check-languages.conf @@ -30,5 +30,6 @@ SPECIAL_BOOKS=( # These are translated in openstack-manuals ["common"]="skip" # Not translated + ["security-threat-analysis"]="skip" ["security-notes"]="skip" ) diff --git a/security-threat-analysis/source/index.rst b/security-threat-analysis/source/index.rst index c68f25b5..6d48cba8 100644 --- a/security-threat-analysis/source/index.rst +++ b/security-threat-analysis/source/index.rst 
@@ -18,7 +18,6 @@ Contents templates/architecture-page.rst architecture-diagram-guidance.rst todo.rst - Search in this guide diff --git a/security-threat-analysis/source/threat-analysis-process.rst b/security-threat-analysis/source/threat-analysis-process.rst index 6f47fd90..8cab397f 100644 --- a/security-threat-analysis/source/threat-analysis-process.rst +++ b/security-threat-analysis/source/threat-analysis-process.rst @@ -41,8 +41,8 @@ Preparing artifacts for review Before the review ~~~~~~~~~~~~~~~~~ -- Verify that the service’s architecture page contains all the sections listed - in the Architecture Page Template . +- Verify that the service’s architecture page contains all the sections + listed in the Architecture Page Template . - The architecture page should include diagrams as specified in the Architecture Diagram guidance . - Send an email to the openstack-dev@lists.openstack.org mailing list with a @@ -54,10 +54,12 @@ Before the review Running the threat analysis review ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- Identify the “scribe” role, who will record the discussion and any findings - in the etherpad. +- Identify the “scribe” role, who will record the discussion and any + findings in the etherpad. - Ask the project architect to briefly describe the purpose of the service, - typical uses cases, who will use it and how it will be deployed. Identify the data assets that might be at risk, eg peoples photos, cat videos, databases. Assets in flight and at rest. + typical uses cases, who will use it and how it will be deployed. + Identify the data assets that might be at risk, eg peoples photos, cat + videos, databases. Assets in flight and at rest. - Briefly consider potential abuse cases, what might an attacker want to use this service for? Could an attacker use this service as a stepping stone to attack other services? Do not spend too long on this section, as abuse cases 
@@ -79,16 +81,16 @@ Running the threat analysis review vulnerabilities, is the implementation in use maintained? Is this protocol used as a security control to provide confidentiality, integrity or availability? - #. Can this interface be used as an entry point to the system, can an attacker - use it to attack a potentially vulnerable service? If so, consider what - additional controls should be applied to limit the exposure. + #. Can this interface be used as an entry point to the system, can an + attacker use it to attack a potentially vulnerable service? If so, + consider what additional controls should be applied to limit the exposure. #. If an attacker was able to compromise a given component, what would that enable them to do? Could they stepping-stone through the OpenStack cloud? #. How is the service administered? Is this a secure path, with appropriate authentication and authorization controls? -- Once the reviewers are familiar with the service, re-consider abuse cases, are - there any other cases which should be considered and mitigated? +- Once the reviewers are familiar with the service, re-consider abuse cases, + are there any other cases which should be considered and mitigated? - Step through typical use-case diagrams. Again consider if sensitive data is appropriately protected. Where an entry point is identified, consider how risks of malicious input data can be mitigated. diff --git a/security-threat-analysis/templates/architecture-page.rst b/security-threat-analysis/templates/architecture-page.rst index d505675b..b921b274 100644 --- a/security-threat-analysis/templates/architecture-page.rst +++ b/security-threat-analysis/templates/architecture-page.rst @@ -11,7 +11,10 @@ Project Description and Purpose ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -. + +. Primary Users diff --git a/tools/build-all-rst.sh b/tools/build-all-rst.sh index 223b411e..3d4f419b 100755 --- a/tools/build-all-rst.sh +++ b/tools/build-all-rst.sh 
@@ -4,3 +4,5 @@ mkdir -p publish-docs doc-tools-build-rst security-guide --build build \ --target security-guide +doc-tools-build-rst security-threat-analysis --build build \ + --target security-threat-analysis diff --git a/tox.ini b/tox.ini index 5e6d00af..3498b7b3 100644 --- a/tox.ini +++ b/tox.ini @@ -22,6 +22,7 @@ commands = {posargs} commands = doc8 -e '' security-notes doc8 -e '' security-guide + doc8 -e '' security-threat-analysis [testenv:checkbuild] commands = @@ -68,7 +69,7 @@ commands = {toxinidir}/tools/generatepot-rst.sh {posargs} [doc8] # Settings for doc8: # This file has extra long lines that cannot be avoided, let's white list it. -ignore-path = security-notes/OSSN-0047,common,security-guide/build +ignore-path = security-notes/OSSN-0047,common,security-guide/build,security-threat-analysis/build # File extensions to use extensions = .rst,.txt # Disable some doc8 checks:
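Review bot: In the README.rst hunk, the added Directory Structure paragraph names the wrong directory: it says Security Threat Analysis is in ``security-guide``, apparently copied from the paragraph above, while the source path in the same sentence and every other file in this patch use ``security-threat-analysis``. Suggested wording: "Security Threat Analysis is in the directory ``security-threat-analysis``, with source files in RST format in the directory ``security-threat-analysis/source``." The phrase "which source files" is inherited from the existing Security Guide sentence and could be fixed in both places.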
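Review bot: In the index.rst hunk, the toctree context lists templates/architecture-page.rst, which is resolved relative to security-threat-analysis/source/, but the template edited later in this patch lives at security-threat-analysis/templates/architecture-page.rst, outside source/. Since tools/build-all-rst.sh now builds this guide, please confirm that the entry resolves, or move the template under source/, so the build does not warn about or drop the page.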
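Review bot: In the first threat-analysis-process.rst hunk (Running the threat analysis review), the re-wrapped bullet still carries "typical uses cases" and "eg peoples photos". As these lines are being touched anyway, change them to "typical use cases" and "e.g. people's photos" before the guide is published. The trailing fragment "Assets in flight and at rest." would also read better folded into the preceding sentence, for example "Consider assets both in flight and at rest."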