# Threat Model

## Overview

This document identifies threats to the Release Orchestrator and their mitigations.

## Threat Categories

### T1: Credential Theft

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker gains access to credentials through database breach |
| **Attack Vector** | SQL injection, database backup theft, insider threat |
| **Assets at Risk** | Registry credentials, vault tokens, SSH keys |
| **Mitigation** | Secrets NEVER stored in database; only vault references stored |
| **Detection** | Anomalous vault access patterns, failed authentication attempts |

### T2: Token Replay

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker captures and reuses valid JWT tokens |
| **Attack Vector** | Man-in-the-middle, log file exposure, memory dump |
| **Assets at Risk** | User sessions, API access |
| **Mitigation** | Short-lived tokens (15 min), refresh token rotation, TLS everywhere |
| **Detection** | Token used from unusual IP, concurrent sessions |

### T3: Agent Impersonation

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker registers fake agent to receive deployment tasks |
| **Attack Vector** | Stolen registration token, certificate forgery |
| **Assets at Risk** | Deployment credentials, target access |
| **Mitigation** | One-time registration tokens, mTLS with CA-signed certs |
| **Detection** | Registration from unexpected network, capability mismatch |

### T4: Digest Tampering

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker modifies container image after release creation |
| **Attack Vector** | Registry compromise, man-in-the-middle at pull time |
| **Assets at Risk** | Application integrity, supply chain |
| **Mitigation** | Digest verification at pull time; mismatch = deployment failure |
| **Detection** | Pull failures due to digest mismatch |

### T5: Evidence Tampering

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker modifies audit records to hide malicious activity |
| **Attack Vector** | Database admin access, SQL injection |
| **Assets at Risk** | Audit integrity, compliance |
| **Mitigation** | Append-only table, cryptographic signing, no UPDATE/DELETE |
| **Detection** | Signature verification failure, hash chain break |

### T6: Privilege Escalation

| Aspect | Description |
|--------|-------------|
| **Threat** | User gains permissions beyond their role |
| **Attack Vector** | Role assignment exploit, permission bypass |
| **Assets at Risk** | Environment access, approval authority |
| **Mitigation** | Role-based access, SoD enforcement, audit logs |
| **Detection** | Unusual permission patterns, SoD violation attempts |

### T7: Supply Chain Attack

| Aspect | Description |
|--------|-------------|
| **Threat** | Malicious plugin injected into workflow |
| **Attack Vector** | Plugin repository compromise, typosquatting |
| **Assets at Risk** | All environments, all credentials |
| **Mitigation** | Plugin sandbox, capability declarations, signed manifests |
| **Detection** | Unexpected network egress, resource anomalies |

### T8: Lateral Movement

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker uses compromised target to access others |
| **Attack Vector** | Target compromise, credential reuse |
| **Assets at Risk** | Other targets, environments |
| **Mitigation** | Short-lived task credentials, scoped permissions |
| **Detection** | Cross-target credential use, unexpected connections |

### T9: Data Exfiltration

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker extracts logs, artifacts, or configuration |
| **Attack Vector** | API abuse, log aggregator compromise |
| **Assets at Risk** | Application data, deployment configurations |
| **Mitigation** | Encryption at rest, network segmentation, audit logging |
| **Detection** | Large data transfers, unusual API patterns |

### T10: Denial of Service

| Aspect | Description |
|--------|-------------|
| **Threat** | Attacker exhausts resources to prevent deployments |
| **Attack Vector** | API flooding, workflow loop, agent task spam |
| **Assets at Risk** | Service availability |
| **Mitigation** | Rate limiting, resource quotas, circuit breakers |
| **Detection** | Resource exhaustion alerts, traffic spikes |

## STRIDE Analysis

| Category | Threats | Primary Mitigations |
|----------|---------|---------------------|
| **Spoofing** | T3 Agent Impersonation | mTLS, registration tokens |
| **Tampering** | T4 Digest, T5 Evidence | Digest verification, append-only tables |
| **Repudiation** | Evidence manipulation | Signed evidence packets |
| **Information Disclosure** | T1 Credentials, T9 Exfiltration | Vault integration, encryption |
| **Denial of Service** | T10 Resource exhaustion | Rate limits, quotas |
| **Elevation of Privilege** | T6 Escalation | RBAC, SoD enforcement |

## Trust Boundaries

```
┌─────────────────────────────────────────────────────────────────────────────┐
│                              TRUST BOUNDARIES                               │
│                                                                             │
│  ┌─────────────────────────────────────────────────────────────────────┐    │
│  │                     PUBLIC NETWORK (Untrusted)                      │    │
│  │                                                                     │    │
│  │   Internet, External Users, External Services                       │    │
│  └─────────────────────────────────────────────────────────────────────┘    │
│                                    │                                        │
│                                    │ TLS + Authentication                   │
│                                    ▼                                        │
│  ┌─────────────────────────────────────────────────────────────────────┐    │
│  │                         DMZ (Semi-trusted)                          │    │
│  │                                                                     │    │
│  │   API Gateway, Webhook Gateway                                      │    │
│  └─────────────────────────────────────────────────────────────────────┘    │
│                                    │                                        │
│                                    │ Internal mTLS                          │
│                                    ▼                                        │
│  ┌─────────────────────────────────────────────────────────────────────┐    │
│  │                     INTERNAL NETWORK (Trusted)                      │    │
│  │                                                                     │    │
│  │   Stella Core Services, Database, Internal Vault                    │    │
│  └─────────────────────────────────────────────────────────────────────┘    │
│                                    │                                        │
│                                    │ Agent mTLS                             │
│                                    ▼                                        │
│  ┌─────────────────────────────────────────────────────────────────────┐    │
│  │                   DEPLOYMENT NETWORK (Controlled)                   │    │
│  │                                                                     │    │
│  │   Agents, Targets                                                   │    │
│  └─────────────────────────────────────────────────────────────────────┘    │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘
```

## Data Classification

| Classification | Examples | Protection Requirements |
|---------------|----------|------------------------|
| **Critical** | Vault credentials, signing keys | Hardware security, minimal access |
| **Sensitive** | User tokens, agent certificates | Encryption, access logging |
| **Internal** | Release configs, workflow definitions | Encryption at rest |
| **Public** | API documentation, release names | Integrity protection |

## Security Controls Summary

| Control | Implementation | Threats Addressed |
|---------|----------------|-------------------|
| mTLS | Agent communication | T3 |
| Short-lived tokens | 15-min access tokens | T2 |
| Vault integration | No secrets in DB | T1 |
| Digest verification | Pull-time validation | T4 |
| Append-only tables | Evidence immutability | T5 |
| RBAC + SoD | Permission enforcement | T6 |
| Plugin sandbox | Resource limits, capability control | T7 |
| Scoped credentials | Task-specific access | T8 |
| Encryption | At rest and in transit | T9 |
| Rate limiting | API and resource quotas | T10 |

## Incident Response

### Detection Signals

| Signal | Indicates | Response |
|--------|-----------|----------|
| Digest mismatch at pull | T4 Tampering | Halt deployment, investigate registry |
| Evidence signature failure | T5 Tampering | Preserve logs, forensic analysis |
| Unusual agent registration | T3 Impersonation | Revoke agent, review access |
| SoD violation attempt | T6 Escalation | Block action, alert admin |
| Plugin network egress | T7 Supply chain | Isolate plugin, review manifest |

### Response Procedures

1. **Contain** - Isolate affected component (revoke token, disable agent)
2. **Investigate** - Collect logs, evidence packets, audit trail
3. **Remediate** - Patch vulnerability, rotate credentials
4. **Recover** - Restore service, verify integrity
5. **Report** - Document incident, update threat model

## References

- [Security Overview](overview.md)
- [Agent Security](agent-security.md)
- [Audit Trail](audit-trail.md)
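The T4 mitigation (digest verification at pull time; mismatch = deployment failure) and its detection signal, shown as an added example that is not the orchestrator's own code. The image bytes, the `sha256:` pinned digest and the `pull_and_verify` entry point are constructed for illustration; an `algorithm:hex` digest string is assumed, as in OCI references.

```python
import hashlib
import hmac


class DeploymentFailure(Exception):
    """Raised when the pulled image does not match the digest pinned at release creation."""


def parse_digest(digest: str) -> tuple:
    """Split an 'algorithm:hex' digest and validate its shape; a bare tag is rejected."""
    algorithm, sep, hex_value = digest.partition(":")
    if sep != ":" or algorithm != "sha256" or len(hex_value) != 64:
        raise DeploymentFailure(f"malformed or unsupported digest: {digest!r}")
    try:
        bytes.fromhex(hex_value)
    except ValueError:
        raise DeploymentFailure(f"digest is not hex: {digest!r}") from None
    return algorithm, hex_value.lower()


def verify_pulled_image(pinned_digest: str, pulled_bytes: bytes) -> dict:
    """Hash the bytes actually pulled and compare against the pinned digest.

    Raises DeploymentFailure on mismatch so the caller halts the deployment.
    """
    algorithm, expected = parse_digest(pinned_digest)
    actual = hashlib.new(algorithm, pulled_bytes).hexdigest()
    # Constant-time comparison: the digest is a security-relevant value
    if not hmac.compare_digest(actual, expected):
        raise DeploymentFailure(
            f"digest mismatch at pull: expected {algorithm}:{expected}, got {algorithm}:{actual}"
        )
    return {"verified": True, "digest": f"{algorithm}:{actual}", "size": len(pulled_bytes)}


# Constructed release: the digest is recorded once, when the release is created
RELEASE_IMAGE = b"constructed image manifest v1.2.3"
RELEASE_DIGEST = "sha256:" + hashlib.sha256(RELEASE_IMAGE).hexdigest()


def pull_and_verify(pulled_bytes: bytes) -> dict:
    """What the agent does at pull time: a mismatch becomes a halt-deployment signal."""
    try:
        return verify_pulled_image(RELEASE_DIGEST, pulled_bytes)
    except DeploymentFailure as exc:
        return {"verified": False, "action": "halt deployment", "reason": str(exc)}
```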
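The T5 mitigation and detection (append-only, hash-chained, signed audit records; a hash chain break or a signature verification failure as the signal), as an added example that is not the orchestrator's own code. The signing key, the record layout and the sample events are constructed; an HMAC stands in for the asymmetric signature a real evidence packet would carry, and the key would live in the vault rather than in code (both assumptions).

```python
import hashlib
import hmac
import json

# Constructed signing key (assumption: the real key is vault-held and asymmetric)
SIGNING_KEY = b"constructed-evidence-signing-key"
GENESIS_HASH = "0" * 64


def _canonical(record: dict) -> bytes:
    """Stable serialisation so the hash does not depend on key order."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_evidence(chain: list, event: dict) -> dict:
    """Append a record that chains to the previous record's hash and is signed."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    body = {"seq": len(chain), "prev_hash": prev_hash, "event": event}
    body_hash = hashlib.sha256(_canonical(body)).hexdigest()
    signature = hmac.new(SIGNING_KEY, body_hash.encode(), hashlib.sha256).hexdigest()
    record = dict(body, hash=body_hash, signature=signature)
    chain.append(record)  # append only: no UPDATE/DELETE path exists
    return record


def verify_chain(chain: list) -> list:
    """Return detection signals for the whole chain; an empty list means intact."""
    signals = []
    prev_hash = GENESIS_HASH
    for i, record in enumerate(chain):
        body = {k: record[k] for k in ("seq", "prev_hash", "event")}
        expected_hash = hashlib.sha256(_canonical(body)).hexdigest()
        # A deleted or reordered record shows up as a seq/prev_hash discontinuity
        if record["seq"] != i or record["prev_hash"] != prev_hash:
            signals.append(f"hash chain break at seq {i}")
        # An edited event no longer matches the stored hash
        if not hmac.compare_digest(expected_hash, record["hash"]):
            signals.append(f"record hash mismatch at seq {i}")
        # A recomputed hash without the key fails the signature check
        expected_sig = hmac.new(SIGNING_KEY, record["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, record["signature"]):
            signals.append(f"signature verification failure at seq {i}")
        prev_hash = record["hash"]
    return signals
```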
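The T3 mitigation (one-time registration tokens) together with its two detection signals (registration from an unexpected network, capability mismatch), as an added example that is not the orchestrator's own code. The store, the token TTL, the network labels and the capability names are constructed; the page states no TTL for registration tokens, and mTLS certificate issuance after a successful redemption is out of scope here.

```python
import secrets
import time

# Constructed TTL: the page gives no lifetime for registration tokens
REGISTRATION_TOKEN_TTL = 600  # seconds


class RegistrationTokenStore:
    """Issues one-time agent registration tokens and enforces single use at redemption."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable for tests
        self._tokens = {}  # token -> expected capabilities, allowed networks, state

    def issue(self, capabilities: set, allowed_networks: set) -> str:
        """Mint a token bound to the capabilities and network the agent is expected to have."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {
            "capabilities": frozenset(capabilities),
            "networks": frozenset(allowed_networks),
            "expires_at": self._clock() + REGISTRATION_TOKEN_TTL,
            "used": False,
        }
        return token

    def redeem(self, token: str, capabilities: set, source_network: str) -> dict:
        """Return {'accepted': bool, 'signal': str}; every rejection is a detection signal."""
        entry = self._tokens.get(token)
        if entry is None:
            return {"accepted": False, "signal": "unknown registration token"}
        if entry["used"]:
            return {"accepted": False, "signal": "registration token reuse"}
        if self._clock() > entry["expires_at"]:
            return {"accepted": False, "signal": "expired registration token"}
        if source_network not in entry["networks"]:
            return {"accepted": False, "signal": "registration from unexpected network"}
        if frozenset(capabilities) != entry["capabilities"]:
            return {"accepted": False, "signal": "capability mismatch"}
        entry["used"] = True  # burn the token before any certificate is issued
        return {"accepted": True, "signal": ""}
```

A rejected redemption leaves the token unburned so a legitimate agent can retry, which is why each rejection is surfaced as a signal rather than handled silently.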