Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dashboard threat model #67

Merged
merged 10 commits into from
Sep 27, 2024
Merged

dashboard threat model #67

merged 10 commits into from
Sep 27, 2024

Conversation

nithyatsu
Copy link
Contributor

@nithyatsu nithyatsu commented Sep 19, 2024

Add threat model for Radius dashboard

Copy link
Contributor

@rynowak rynowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking pretty good overall. Left you some feedback about phrasing and explanations.


| Term | Definition |
| --------------------- | ----------------------------- |
| mTLS | Mutual Transport Layer Security (mTLS) allows two parties to authenticate each other during the initial connection of an SSL/TLS handshake. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any mention of mTLS in this doc? Feels like it might be a copy-paste.

architecture/2024-08-dashboard-component-threat-model.md Outdated Show resolved Hide resolved
architecture/2024-08-dashboard-component-threat-model.md Outdated Show resolved Hide resolved
architecture/2024-08-dashboard-component-threat-model.md Outdated Show resolved Hide resolved

![Dashboard Architecture](2024-08-dashboard-component-threat-model/dashboard-arch.png)

Given that the Radius Dashboard is developed as a Backstage plugin, it is essential to first examine the Backstage architecture. Backstage provides a core Single Page Application (SPA), a core backend, and the ability to configure a desired database. The core functionality can be enhanced using plugins.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you clean this up? See above ^^^

architecture/2024-08-dashboard-component-threat-model.md Outdated Show resolved Hide resolved
architecture/2024-08-dashboard-component-threat-model.md Outdated Show resolved Hide resolved

1. Dashboard should be accessed only on HTTPS if it should be available outside cluster. Currently, we can access the application on http but since we only access the application on localhost using =kubernetes port-forward, this is OK.

2. Enable authentication on Dashboard. This could be tied to RBAC support on Radius, since we might want the same users to be allowed dashboard logins by default with permissions configured using Backstage permission system.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the actual action item? Is this something the user needs to do? If that's the case what's the action item for us?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add documentation in dashboard related info to capture this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

create a story

Copy link
Contributor Author

@nithyatsu nithyatsu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will make the architecture diagram have bi-directional arrows between backend, frontend, db


Due to the volume of requests Dashboard as well as the UCP, AppCore-RP components involved in serving the request could run out of resource to serve a legitimate request.

**Mitigation**:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have we explored an option to configure rate limiting?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we discussed this in meeting and how we can use permission system to make sure we dont get too many requests (which would be from unauthorized users)

architecture/2024-08-dashboard-component-threat-model.md Outdated Show resolved Hide resolved
#### Threat 3: Spoofing dashboard service-account can cause DoS
**Description**

If an unauthorized user or malicious actor gtampers with cluster,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: typo

Suggested change
If an unauthorized user or malicious actor gtampers with cluster,
If an unauthorized user or malicious actor tampers with cluster,

@nithyatsu
Copy link
Contributor Author

add info on radius rbac and its impact on backstage/dashboard

@nithyatsu nithyatsu requested a review from rynowak September 26, 2024 19:11
Copy link
Contributor

@rynowak rynowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great! Approved


## System Description

The Dashboard component is an instance of [Backstage](https://backstage.io/). We customize Backstage by installing a Radius plugin and the community-supported Kubernetes plugin. The Dashboard is a client of the Radius API. It queries the graph of an application or a list of environment and constructs a visual representation of the response.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very clear now, thank you 🙏

@nithyatsu nithyatsu merged commit 8d435d6 into radius-project:main Sep 27, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants