This risk assessment aims at giving the reader a realistic idea of the types of security and privacy threats involved in using this website. This assessment is not exhaustive, but rather our good faith effort to disclose what we think are the most likely and relevant risks.
Entry points
Shell or root shell (or ssh) administrative login
TAS3 designed management interfaces (none yet)
Product specific management interfaces
New user registration (feature to allow anonymous new user to self register)
Auto-CoT (fully automatic metadata exchange and trust establishment with anonymous third party SPs)
New service registration (feature to allow anonymous 3rd party to register new services)
Web GUI
SOAP web service
SSO
SLO
Discovery query
Data assets
Private keys of the service itself
Circle-of-Trust database
Discovery Registrations
User database
User names
Authentication credentials (password hash, Yubikey shared secret)
User's attribute data
Federation database: name id mappings
Session store
Nonfunctional assets
Privacy preserving through avoidance of correlation handles
User consent and control of data release
Organizational control of data release
Nonrepudiation
Accountability
Credible authentication of users
Credible authentication of system entities
Attacks and mitigation
Too numerous to describe exhaustively in one afternoon *** TBD
Generally the data assets are protected using Unix filesystem permissions against shell and local Unix process access. This, of course, is of little value against root. Therefore deployment MUST use nonroot users for running all TAS3 related processes as well as for most administrative tasks.
The TAS3-designed and product-specific management interfaces follow good coding practices (e.g. checking for ".." in paths) so that only the designed access to the data assets is possible.
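As an added illustration of the ".." path check mentioned above (example code written for this page, not ZXID/TAS3 code; the base directory "/var/tas3-data" and the function name are constructed), the check is done per path component rather than as a substring search, so that a legitimate name such as "notes..2024.txt" is still accepted while any component that is exactly ".." or any absolute path is rejected:

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical helper (not TAS3/ZXID code): decide whether a user-supplied
 * relative path may be joined to a management-interface data directory.
 * The caller must percent-decode the path before calling this, and should
 * still open the result with O_NOFOLLOW or verify realpath() afterwards,
 * since a purely lexical check cannot see symlinks inside the base directory.
 * On success writes base + "/" + rel into out and returns true. */
bool tas3_confine_path(const char *base, const char *rel, char *out, size_t outlen)
{
    if (!base || !rel || !out || outlen == 0) return false;
    if (rel[0] == '/' || rel[0] == '\0') return false;   /* no absolute or empty paths */
    const char *p = rel;
    while (*p) {
        const char *slash = strchr(p, '/');
        size_t n = slash ? (size_t)(slash - p) : strlen(p);
        if (n == 0) return false;                          /* "a//b": empty component */
        if (n == 2 && p[0] == '.' && p[1] == '.') return false; /* ".." escapes base */
        p += n;
        if (*p == '/') p++;
    }
    int w = snprintf(out, outlen, "%s/%s", base, rel);
    if (w < 0 || (size_t)w >= outlen) return false;        /* truncation is a rejection */
    return true;
}

int main(void)
{
    /* Constructed sample inputs: one legitimate file, traversal attempts,
       an absolute path, and a name containing ".." that is not a component. */
    const char *tests[] = { "user/alice.xml", "../etc/passwd", "a/../../x",
                            "/etc/passwd", "notes..2024.txt" };
    char buf[256];
    for (size_t i = 0; i < sizeof tests / sizeof *tests; i++)
        printf("%-18s -> %s\n", tests[i],
               tas3_confine_path("/var/tas3-data", tests[i], buf, sizeof buf) ? buf : "REJECTED");
    return 0;
}
```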
The Web GUI is coded such that only authorized accesses are possible.
The SOAP web service is coded such that only authorized accesses are possible.
An appropriate cryptographic layer (such as TLS) is applied to the Web GUI, SOAP, and ssh entry points.
--Sampo