From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jrey@linux.ibm.com>
Authentication-Results: lists.ozlabs.org;
 spf=pass (mailfrom) smtp.mailfrom=linux.ibm.com
 (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com;
 envelope-from=jrey@linux.ibm.com; receiver=<UNKNOWN>)
Authentication-Results: lists.ozlabs.org;
 dmarc=none (p=none dis=none) header.from=linux.ibm.com
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.ozlabs.org (Postfix) with ESMTPS id 45pjMk15FNzDqGQ
 for <openbmc@lists.ozlabs.org>; Thu, 18 Jul 2019 02:26:57 +1000 (AEST)
Received: from pps.filterd (m0098404.ppops.net [127.0.0.1])
 by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id
 x6HGLksc129150
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 12:26:51 -0400
Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com
 [169.53.41.122])
 by mx0a-001b2d01.pphosted.com with ESMTP id 2tt50yeknu-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 12:26:51 -0400
Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
 by ppma04dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x6HGOigJ002305
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 16:26:50 GMT
Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com
 [9.57.198.29]) by ppma04dal.us.ibm.com with ESMTP id 2trtmr95gr-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 16:26:50 +0000
Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com
 [9.57.199.111])
 by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 x6HGQohi51708248
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 16:26:50 GMT
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id EEE0CAC05B
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 16:26:49 +0000 (GMT)
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id D8130AC05E
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 16:26:49 +0000 (GMT)
Received: from demeter.rchland.ibm.com (unknown [9.10.254.219])
 by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTPS
 for <openbmc@lists.ozlabs.org>; Wed, 17 Jul 2019 16:26:49 +0000 (GMT)
From: Joseph Reynolds <jrey@linux.ibm.com>
Subject: BMC threat model docs
To: openbmc <openbmc@lists.ozlabs.org>
Message-ID: <685b6066-fdd1-9fc7-82be-372f6ad9ff22@linux.ibm.com>
Date: Wed, 17 Jul 2019 11:26:49 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0)
 Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
 definitions=2019-07-17_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1907170190
X-BeenThere: openbmc@lists.ozlabs.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development list for OpenBMC <openbmc.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/openbmc>,
 <mailto:openbmc-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/openbmc/>
List-Post: <mailto:openbmc@lists.ozlabs.org>
List-Help: <mailto:openbmc-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/openbmc>,
 <mailto:openbmc-request@lists.ozlabs.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2019 16:26:58 -0000

I got a private email asking
 > [where are the] BMC project threat model documents?

The approved network threat model is here:
https://github.com/openbmc/docs/blob/master/security/network-security-considerations.md

The threat model is very basic and does little more than identify 
OpenBMC's network services.  The level of detail was initially 
superficial to get approval for the document.  I hope to add more 
details and add new sections for BMC network connections including LDAP, 
remote logging, remote media, ip-kvm, event subscriptions, etc.  Then 
add a section for Redfish security considerations.

The network threat model is only a subset of the overall BMC threat 
model.  (For example, the BMC faces threats from its environment and its 
host system.)  The OpenBMC project has no overall BMC threat model, and 
mine is in review here:
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/22404
(You can find other threat model reviews by searching gerrit for 
"threat" or "security").

I am using my review to collect information about BMC threats, which in 
turn depends on how the BMC is used, so I am collecting information 
about BMC use cases too.  Any and all contributions are welcome, and can 
be added as review comments, email to the community, or directly to me.  
I am struggling with the threat model scope, and how to organize the 
document.  Any feedback is welcome.

- Joseph