Background
Application Security Design goals
CIA (Confidentiality, Integrity, Availability)
- Confidentiality:
 - AWS is using the PARC model
 - Principal, Action, Resource, Condition
- Integrity
- Availability: how long it takes to encrypt/decrypt the data, and how long the customer can tolerate any part of the system being unavailable before a failover is needed
 - For example, how long it takes to encrypt the data and write it to S3
 
 
Key implementation points to meet CIA requirements
- “Don’t store secrets as plaintext on disk” and “Decryption only happens in your instance”
 - meaning encryption and decryption happen only inside your own code on your instance, not on the AWS service side
 - Use the AWS KMS client SDK; S3 encryption client; DynamoDB encryption client
 - Envelope encryption: use a random key to encrypt each piece of data; the encrypted data and its corresponding key are stored together, and the key is itself encrypted with a master key before being stored.
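
The envelope pattern above, as an added example that is not from the talk or the notes: a simulated KMS holds the master key and hands out a fresh random data key per record; the record stores the ciphertext next to the encrypted data key, and decryption happens inside the caller's code. The cipher is a standard-library stand-in (SHA-256 keystream plus HMAC tag) for the AES-GCM a real client SDK would use, and `FakeKMS` is a hypothetical class.

```python
import hashlib, hmac, os, secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from SHA-256; a toy stand-in for AES-GCM.
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class FakeKMS:
    """Hypothetical stand-in for AWS KMS: the master key never leaves it."""
    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)

    def generate_data_key(self) -> tuple[bytes, bytes]:
        dk = secrets.token_bytes(32)               # random per-record data key
        return dk, seal(self._master, dk)          # (plaintext key, encrypted key)

    def decrypt_data_key(self, enc_dk: bytes) -> bytes:
        return open_(self._master, enc_dk)

def encrypt_record(kms: FakeKMS, plaintext: bytes) -> dict:
    dk, enc_dk = kms.generate_data_key()
    ct = seal(dk, plaintext)                       # encryption happens in our code
    del dk                                         # plaintext key only ever in memory
    return {"ciphertext": ct, "encrypted_key": enc_dk}   # stored together

def decrypt_record(kms: FakeKMS, record: dict) -> bytes:
    dk = kms.decrypt_data_key(record["encrypted_key"])   # only the key goes to KMS
    return open_(dk, record["ciphertext"])               # data is decrypted locally
```

Because each record carries its own wrapped key, rotating or revoking the master key in the KMS is what makes every stored record unreadable, which is the property the notes' "decrypt only happens in your instance" rule relies on.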
 
- “Keep ciphertext of the secret in multiple locations”
 - make use of S3 (11 9s of durability) or DynamoDB (if latency matters)
- “Make sure secrets have not been changed since last used”
 - "If the instance can launch, the secret should be accessible; <1 min to provision the plaintext secret to the instance"
 
- KMS exists in every Region (except China 😦);
- Make careful decisions between retrieving the secret each time and caching it in memory
- Key policy is king! Key policy is not the same as IAM policy.
 
Case Study: Okta
Okta is a unit of measure for cloud cover: a scale from 0 to 8 describing how much visibility there is.
- Simple best practice to
 - Data from the database needs to be encrypted at rest or in memory
 - Encryption key only in memory
 - Service has access to plaintext data