Skip to content

Latest commit

 

History

History
97 lines (75 loc) · 7.44 KB

mitigations.md

File metadata and controls

97 lines (75 loc) · 7.44 KB

Mitigation Strategies Analysis for milvus-io/milvus

Mitigation Strategy: Strict Role-Based Access Control (RBAC) within Milvus

Mitigation Strategy: Strict Role-Based Access Control (RBAC) within Milvus

  • Description:

    1. Identify Roles: Define distinct roles based on user responsibilities within Milvus (e.g., data_ingestor, query_user, admin, read_only_analyst).
    2. Define Permissions: For each role, meticulously list the minimum required Milvus operations using Milvus's RBAC system. Map operations to specific permissions (e.g., CreateCollection, Insert, Search, DropCollection, DescribeCollection, LoadCollection, ReleaseCollection). Crucially, limit access to specific collections or even partitions where possible.
    3. Create Users and Assign Roles: Create Milvus users and assign them to the pre-defined roles using Milvus's user management commands. Never use default credentials.
    4. Regular Audit: At least quarterly, review all roles, permissions, and user assignments within Milvus. Remove any unnecessary privileges or inactive users.
    5. Enable Authentication: Ensure that authentication is enabled in the Milvus configuration (common.security.authorizationEnabled: true).

  • Threats Mitigated:

    • Unauthorized Access to Milvus Components: (Severity: Critical) - Prevents unauthorized users from directly interacting with Milvus components.
    • Data Exfiltration via Malicious Queries (within Milvus's capabilities): (Severity: High) - Limits the scope of data accessible even if a user gains unauthorized access.
    • Insider Threat (Malicious User with Milvus Credentials): (Severity: High) - Restricts the actions a malicious insider can perform within Milvus.
    • Accidental Data Modification/Deletion (within Milvus): (Severity: Medium) - Prevents users from accidentally deleting or modifying data they shouldn't have access to.

  • Impact:

    • Unauthorized Access: Risk significantly reduced (from Critical to Low/Negligible).
    • Data Exfiltration: Risk significantly reduced (from High to Medium/Low).
    • Insider Threat: Risk reduced (from High to Medium).
    • Accidental Modification: Risk significantly reduced (from Medium to Low).

  • Currently Implemented (Hypothetical Example):

    • Basic roles (admin, read-only) are defined in milvus.yaml.
    • Authentication is enabled.
    • Users are created and assigned to these roles.

  • Missing Implementation (Hypothetical Example):

    • Granular permissions are not fully utilized. Roles have broad access.
    • No regular audit process is documented or followed.
    • Roles are not defined for specific tasks like data ingestion, with fine-grained collection/partition access.

Mitigation Strategy: Resource Quotas and Limits (within Milvus Configuration)

Mitigation Strategy: Resource Quotas and Limits (within Milvus Configuration)

  • Description:

    1. Monitor Baseline Usage: Observe Milvus's resource consumption (CPU, memory, connections) under normal operating conditions using Milvus's monitoring tools (Prometheus, Grafana).
    2. Set Limits: Configure Milvus's resource limits directly in milvus.yaml. This includes:
      • queryNode.resource.maxMemory: Maximum memory a query node can use.
      • dataNode.resource.maxMemory: Maximum memory a data node can use.
      • indexNode.resource.maxMemory: Maximum memory an index node can use.
      • proxy.maxConnections: Maximum number of client connections.
      • common.retentionDuration: How long to keep deleted data before purging.
    3. Alerting (via Milvus Monitoring): Configure alerts within Milvus's monitoring system (Prometheus, Grafana) to trigger when resource usage approaches the defined limits.
    4. Regular Review: Periodically review and adjust the limits based on observed usage and performance, directly within the Milvus configuration.

  • Threats Mitigated:

    • Denial of Service (DoS) via Resource Exhaustion (targeting Milvus directly): (Severity: Medium) - Prevents a single client or query from consuming all available Milvus resources.
    • System Instability (within Milvus): (Severity: Medium) - Prevents resource exhaustion from causing Milvus components to crash.

  • Impact:

    • DoS: Risk reduced (from Medium to Low).
    • System Instability: Risk reduced (from Medium to Low).

  • Currently Implemented (Hypothetical Example):

    • Default resource limits are set in milvus.yaml.

  • Missing Implementation (Hypothetical Example):

    • Limits are not tuned to the specific workload.
    • Alerting within Milvus's monitoring is not fully configured for resource usage.
    • No regular review of resource limits within the Milvus configuration.

Mitigation Strategy: Auditing and Monitoring (using Milvus's built-in features)

Mitigation Strategy: Auditing and Monitoring (using Milvus's built-in features)

  • Description:

    1. Enable Audit Logging: Configure Milvus to enable its built-in audit logging feature. This involves setting specific parameters in milvus.yaml (refer to the Milvus documentation for the exact settings, as they may change between versions).
    2. Log Destination (within Milvus config): If Milvus supports configuring a specific log destination within its configuration, set this to a secure location. If not, this becomes an infrastructure-level concern.
    3. Log Rotation and Retention (within Milvus config): If Milvus offers built-in log rotation and retention settings, configure these appropriately within milvus.yaml.
    4. Alerting (via Milvus Monitoring): Configure alerts within Milvus's monitoring system (Prometheus, Grafana) based on specific audit log events, if the monitoring system supports this directly.
    5. Regular Review (of Milvus-generated logs): Regularly review the audit logs generated directly by Milvus to identify suspicious activity.

  • Threats Mitigated:

    • Insider Threat (Malicious or Negligent User with Milvus Credentials): (Severity: High) - Provides a record of user actions within Milvus.
    • Data Exfiltration (detectable within Milvus): (Severity: High) - Can help detect unauthorized data access.
    • Unauthorized Access Attempts (to Milvus): (Severity: Medium) - Logs failed login attempts.
    • Security Incident Investigation (related to Milvus): (Severity: All) - Provides evidence for investigating Milvus-specific incidents.

  • Impact:

    • Insider Threat: Risk detection improved.
    • Data Exfiltration: Risk detection improved.
    • Unauthorized Access: Risk detection improved.
    • Incident Investigation: Improves investigation capabilities for Milvus-related issues.

  • Currently Implemented (Hypothetical Example):

    • Basic Milvus logs are enabled, but not audit logs.

  • Missing Implementation (Hypothetical Example):

    • Audit logging is not enabled within Milvus.
    • Alerting within Milvus's monitoring is not configured for audit log events.
    • No regular review process for Milvus-generated audit logs.