Secure CSAR
Pre-release
lharzenetter released this 17 Jul 14:40 · 196 commits to feature/secure-csar since this release
This release of Winery includes features implemented for the paper "Secure Collaborative Development of Cloud Application Deployment Models".
Key points of the prototype implementation:
- Generation of an external signature over the whole CSAR, similar to the signing of JARs
- Generation of internal signatures for chosen Node Template properties and chosen files in Artifact Templates
- The generated internal signatures are also similar to the signing of JARs
- Encryption of chosen Node Template properties and chosen files in Artifact Templates
- Internal signatures and encryption requirements are modeled using policies
- Encryption and signing of properties are modeled on the level of Node Types
- Encryption and signing of files in Artifact Templates are modeled on the level of Artifact Templates
- To preserve the self-containment of CSARs, internal signatures for properties are generated and bound to DAs (Deployment Artifacts) belonging to the corresponding Node Templates
- To preserve the self-containment of CSARs, internal signatures for files in Artifact Templates are generated and attached to the corresponding Artifact Templates as Artifact References
- All requirements are enforced at export time
- Verification happens at import time
The following improvements and new features were added:
- Management of keys and their corresponding ACLs
- Extension to Node Types and Artifact Templates to support policies
- Security policies generation
- Enforcement of security policies at export time
- Verification of external and internal signatures at import time
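
The external signature listed above follows the JAR model: a manifest of per-entry digests is produced at export time and checked at import time. The following Python example is added here for illustration and is not Winery's code; the function names and the sample CSAR contents are assumptions, and the asymmetric signature over the manifest digest is left out.

```python
import hashlib
import io
import zipfile

# Constructed sample CSAR contents; entry names are illustrative.
SAMPLE = {
    "TOSCA-Metadata/TOSCA.meta": b"TOSCA-Meta-File-Version: 1.0\nCSAR-Version: 1.1\n",
    "Definitions/app.tosca": b"<Definitions/>",
    "artifacts/install.sh": b"#!/bin/sh\necho install\n",
}

def make_csar(files):
    """Build an in-memory zip archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def build_manifest(csar):
    """Export side: one SHA-256 digest per archive entry, as in a JAR manifest."""
    with zipfile.ZipFile(io.BytesIO(csar)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def manifest_digest(manifest):
    """Digest of the canonical manifest text: the value a signer's key would sign."""
    text = "".join(f"Name: {n}\nSHA-256-Digest: {d}\n\n"
                   for n, d in sorted(manifest.items()))
    return hashlib.sha256(text.encode()).hexdigest()

def verify(csar, manifest):
    """Import side: report modified, missing and unlisted entries."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(csar)) as z:
        names = z.namelist()
        if len(names) != len(set(names)):
            problems.append("duplicate entry names")
        present = set(names)
        for name, digest in sorted(manifest.items()):
            if name not in present:
                problems.append(f"missing: {name}")
            elif hashlib.sha256(z.read(name)).hexdigest() != digest:
                problems.append(f"modified: {name}")
        # Entries absent from the manifest are covered by no digest: reject them.
        problems += [f"unlisted: {n}" for n in sorted(present - manifest.keys())]
    return problems
```

An importer should treat any non-empty result as a failed verification, and should trust the manifest only after the signature over `manifest_digest` has been checked against the signer's public key.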