Further updates to status of recommended mitigations
PushkarJ committed Apr 28, 2022
1 parent 3281b59 commit 0816a3a
Showing 1 changed file with 22 additions and 17 deletions.
39 changes: 22 additions & 17 deletions sig-security-assessments/cluster-api/self-assessment.md
Expand Up @@ -707,7 +707,7 @@ attacker to gain access to secrets they should not be able to.
#### STRIDE-SPOOF-4 Recommended Mitigations

* Replace kubeadm node join mechanism with a host attestation mechanism.
* Status: Planned
* Status: [Planned](https://github.com/kubernetes-sigs/cluster-api/issues/3762)

#### STRIDE-SPOOF-5 Spoofing of a worker node in a workload cluster
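Review bot: the new status text on the STRIDE-SPOOF-4 mitigation is capitalised as `[Planned]`, while the status links added further down in this same commit use lowercase `[planned]` and `[implemented]`. Pick one casing for the status vocabulary so the file can be searched for a given status reliably.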

Expand All @@ -717,7 +717,7 @@ join a workload cluster and request user data from Secrets Manager API.
#### STRIDE-SPOOF-5 Recommended Mitigations

* Same as STRIDE-SPOOF-4.
* Status: Planned
* Status: [Planned](https://github.com/kubernetes-sigs/cluster-api/issues/3762)

### Tampering
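Review bot: the link target on the STRIDE-SPOOF-5 status line, like the other links in this change, uses the host github.com rather than github.com. A security self-assessment should reference the canonical kubernetes-sigs repository URL, so please confirm the host and correct it if it is not intended.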

Expand Down Expand Up @@ -750,7 +750,7 @@ install time and during runtime
* At build time: Create SBoM of the Machine Image and verify checksum as a post
build action
*
Status: [Issue filed](https://github.com/kubernetes-sigs/image-builder/issues/803)
Status: [planned](https://github.com/kubernetes-sigs/image-builder/issues/803)
* During install time: Perform mutual authentication when Cloud Provider's controller
downloads Machine Image. Verify checksum of the downloaded machine image, before
marking them as available. Download with TLS enabled to prevent in-transit tampering.
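Review bot: in the "At build time" item, the lone `*` on its own line followed by an unindented `Status:` line is left in place and only the link text changes. The same pattern is collapsed into `* Status: [planned](...)` in the hunk at line 812, so apply that fix here too so the status renders as a sub-bullet of the mitigation.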
Expand Down Expand Up @@ -812,8 +812,7 @@ etcd datastore.
* Cluster API should consider supporting running CPI, CSI and other privileged
control plane workloads on the management cluster to further minimise the
privileges required by workload clusters.
*
Status: [Issue filed](https://github.com/kubernetes-sigs/cluster-api/issues/5491)
* Status: [planned](https://github.com/kubernetes-sigs/cluster-api/issues/5491)
* Strongly advise users to seperate workload clusters into different AWS
accounts or Azure subscriptions.
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
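Review bot: while this list is being touched, the adjacent context line reads "Strongly advise users to seperate workload clusters"; "seperate" should be "separate". The status also moves from "Issue filed" to "planned" with the same issue link, so the issue itself should record the decision that justifies the new status.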
Expand All @@ -830,11 +829,11 @@ get access to control plane secrets.
* kubeadm token is short lived or deleted
* Status: implemented / planned / to be implemented / End User Guidance
* Disable or restrict SSH access to nodes in a cluster
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Audit KubeConfig files access, edits that are located on the node
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Implement cluster level Pod Security to prevent host mount access to pod
* Status: [to be implemented](https://github.com/kubernetes-sigs/cluster-api/pull/6390)
* Status: [implemented](https://github.com/kubernetes-sigs/cluster-api/pull/6390)

#### STRIDE-INFODISCLOSE-3 - Exposure of Management and Workload Cluster CA private keys and certs
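Review bot: the Pod Security status moves from "to be implemented" to "implemented" while still linking to pull 6390; confirm that pull request has merged, since an open PR does not make the mitigation implemented. The first item, "kubeadm token is short lived or deleted", still carries the template text `implemented / planned / to be implemented / End User Guidance` and needs a real status.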

Expand All @@ -845,11 +844,17 @@ one or more clusters.
#### STRIDE-INFODISCLOSE-3 Recommended Mitigations

* Keep CA key/cert pairs short lived or deleted after use from Secrets Manager
* Status: [planned](https://github.com/kubernetes-sigs/cluster-api/issues/5490)
* Maintainer note: Linked issue is a pre-requisite for shortening CA lifetimes
* Shorten CA cert lifetime
* Status: [planned](https://github.com/kubernetes-sigs/cluster-api/issues/5490)
* Maintainer note: Linked issue is a pre-requisite for shortening CA lifetimes
* Disable or restrict SSH access to nodes in a cluster
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Audit access or edits to CA private keys and cert files located on the node
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Implement cluster level Pod Security to prevent host mount access to pod
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [implemented](https://github.com/kubernetes-sigs/cluster-api/pull/6390)

#### STRIDE-INFODISCLOSE-4 - Exposure of Cloud credentials that allow privileged actions
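Review bot: "Keep CA key/cert pairs short lived or deleted after use" and "Shorten CA cert lifetime" carry the same status link (issue 5490) and the same maintainer note, which reads as one mitigation listed twice. Either merge the two bullets or state what differs between them. Since the note says the linked issue is only a pre-requisite, say that in the status text rather than marking the mitigation itself as planned.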

Expand All @@ -861,9 +866,9 @@ exfiltrated to spoof Cluster API components or launch a denial of service attack
* Use short-lived credentials that are auto-renewed using node level attestation
* Status: implemented / planned / to be implemented / End User Guidance
* Disable or restrict SSH access to nodes in a cluster
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Implement cluster level Pod Security to prevent host mount access to pod
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [implemented](https://github.com/kubernetes-sigs/cluster-api/pull/6390)

### Denial of Service
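Review bot: "Use short-lived credentials that are auto-renewed using node level attestation" keeps the template status line. If this item depends on the host attestation work that STRIDE-SPOOF-4 links to issue 3762, link the same issue here; otherwise give it its own status.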

Expand Down Expand Up @@ -959,7 +964,7 @@ control planes is lost
connectivity issues
* Status: implemented / planned / to be implemented / End User Guidance
* Alert on deletion of Elastic Lb so that it can be quickly restored
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)

#### STRIDE-DOS-6 Exhausting Cloud resources
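Review bot: the item ending "connectivity issues" still shows the template line `implemented / planned / to be implemented / End User Guidance`; only the alerting item below it is resolved. Minor: "Elastic Lb" should be written "Elastic LB" or "Elastic Load Balancer".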

Expand All @@ -972,9 +977,9 @@ bills or traffic congestion on cloud API pathways
* Implement rate limits for creation, deletion and update of cloud resources
* Status: implemented / planned / to be implemented / End User Guidance
* Apply second pair of eyes whenever possible for such activity
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Apply alerting on all cloud resource creation, update, deletion activities
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)

### Elevation of Privilege
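Review bot: the "End user guidance to be written" links here and in the other hunks target the anchor `#cluster-api-end-user-guide`, but the heading that defines that anchor is not part of this diff. Check that the section exists in self-assessment.md under exactly that slug, otherwise these links resolve to nowhere.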

Expand All @@ -990,9 +995,9 @@ attacker can get full or partial control over management cluster
* Status: implemented / planned / to be implemented / End User Guidance
* Implement Cluster level Pod Security to prevent host access for someone with
Create Pod access
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [implemented](https://github.com/kubernetes-sigs/cluster-api/pull/6390)
* Disable or limit node level SSH access
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)
* Do not build a chain of trust for cluster CAs such that gaining access to
workload cluster CA and private keys does _not_ provide access to management
cluster
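Review bot: pull 6390 is cited as "implemented" for every Pod Security item in this commit, including this one where the stated impact is control over the management cluster. Confirm that the pull request applies to the management cluster as well, or scope the status text to the cluster type it actually covers.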
Expand All @@ -1011,9 +1016,9 @@ credentials that can give cluster-admin access to the attacker
* Status: implemented / planned / to be implemented / End User Guidance
* Implement Cluster level Pod Security to prevent host access for someone with
Create Pod access
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [implemented](https://github.com/kubernetes-sigs/cluster-api/pull/6390)
* Disable or limit node level SSH access
* Status: implemented / planned / to be implemented / End User Guidance
* Status: [End user guidance to be written](#cluster-api-end-user-guide)

#### STRIDE-EOP-3 Use shared cloud credentials to get access to other unrelated cloud resources
