Skip to content

Latest commit

 

History

History
180 lines (129 loc) · 7.62 KB

mitigations.md

File metadata and controls

180 lines (129 loc) · 7.62 KB

Mitigation Strategies Analysis for realm/realm-java

Mitigation Strategy: Encryption at Rest (Realm's Built-in Encryption)

Mitigation Strategy: Enable and properly configure Realm's built-in encryption.

Description:

  1. Generate a Strong Key: Create a 64-byte (512-bit) encryption key. Do not hardcode this key.
  2. Secure Key Storage: Use a platform-appropriate secure key storage mechanism (e.g., Android Keystore, Keychain).
  3. Configure Realm: Pass the encryption key to the RealmConfiguration: 
    RealmConfiguration config = new RealmConfiguration.Builder()
        .encryptionKey(key)
        .build();
Realm realm = Realm.getInstance(config);
  4. Key Rotation: Implement key rotation using Realm.writeCopyTo(newConfig) where newConfig has the new encryption key.
  5. Handle Exceptions: Properly handle exceptions related to Realm opening and encryption.

Threats Mitigated:

  • Unauthorized Data Access (Realm File Level): Severity: High. Protects against direct access to the Realm file.
  • Data Leakage (Physical Access): Severity: High. Data remains encrypted if the device is lost/stolen.

Impact:

  • Unauthorized Data Access: Risk reduced from High to Low.
  • Data Leakage (Physical Access): Risk reduced from High to Low.

Currently Implemented:

  • Key generation and storage: com.example.app.security.KeyStoreManager
  • Realm configuration with encryption: com.example.app.data.RealmHelper

Missing Implementation:

  • Key rotation is not implemented.
  • setUserAuthenticationRequired(true) is not used (Android Keystore).
  • More robust exception handling needed.

Mitigation Strategy: Careful Schema Design (Realm-Specific Aspects)

Mitigation Strategy: Design Realm object models to minimize exposure, leveraging Realm-specific features.

Description:

  1. Minimize Relationships: Avoid unnecessary relationships between Realm objects.
  2. Use @Ignore: Annotate fields that should not be persisted in the Realm with @Ignore.
  3. Separate Realm Files: Use separate RealmConfiguration instances and file paths for data with different security requirements. Each can have its own encryption key.

Threats Mitigated:

  • Data Leakage Through Object Models: Severity: Medium.
  • Data Breach Impact: Severity: High.

Impact:

  • Data Leakage Through Object Models: Risk reduced from Medium to Low.
  • Data Breach Impact: Risk reduced from High to Medium or Low.

Currently Implemented:

  • @Ignore annotation used in com.example.app.model.User.

Missing Implementation:

  • No separate Realm files are used.
  • Review all models for unnecessary relationships.

Mitigation Strategy: Parameterized Queries (Realm Query Language)

Mitigation Strategy: Always use Realm's parameterized query API.

Description:

  1. Parameterized Queries: Use methods like equalTo, greaterThan, contains, etc., with appropriate arguments. Never construct queries by concatenating strings with user input. Example: 
    // SAFE:
RealmResults<User> results = realm.where(User.class)
                                .equalTo("username", userInput)
                                .findAll();

// UNSAFE (DO NOT DO THIS):
// RealmResults<User> results = realm.where(User.class)
//                                 .rawPredicate("username = '" + userInput + "'")
//                                 .findAll();

Threats Mitigated:

  • Realm Injection Attacks: Severity: Medium.

Impact:

  • Realm Injection Attacks: Risk reduced from Medium to Low.

Currently Implemented:

  • Parameterized queries are used consistently (com.example.app.data).

Missing Implementation:

  • None (specifically related to Realm's API).

Mitigation Strategy: Query Timeouts (Realm Asynchronous Queries)

Mitigation Strategy: Set timeouts for Realm asynchronous queries.

Description:

  1. Asynchronous Queries: Use findAllAsync, findFirstAsync.
  2. Timeouts: Use Realm.getDefaultInstance().executeTransactionAsync(..., timeout, timeUnit).
  3. Handle Timeouts: Handle timeout exceptions appropriately.

Threats Mitigated:

  • Denial of Service (DoS): Severity: Medium.

Impact:

  • Denial of Service (DoS): Risk reduced from Medium to Low.

Currently Implemented:

  • Asynchronous queries are used.

Missing Implementation:

  • No query timeouts are explicitly set.

Mitigation Strategy: Robust Exception Handling (Realm-Specific Exceptions)

Mitigation Strategy: Implement comprehensive exception handling for Realm operations, focusing on RealmException.

Description:

  1. try-catch Blocks: Wrap Realm operations in try-catch blocks.
  2. Specific Exceptions: Catch RealmException and its subclasses.
  3. finally Block: Use a finally block to ensure Realm instances are closed: realm.close().
  4. Asynchronous Operations: Handle exceptions in the onError callback of asynchronous operations.

Threats Mitigated:

  • Information Leakage: Severity: Low.
  • Application Crashes: Severity: Medium.
  • Resource Leaks: Severity: Low.

Impact: (Reductions as before)

Currently Implemented:

  • Basic try-catch blocks are used.

Missing Implementation:

  • Consistent and comprehensive handling is missing.
  • Specific RealmException subclasses are not always handled.
  • realm.close() is not always in a finally block.

Mitigation Strategy: Transaction Management (Realm Transactions)

Mitigation Strategy: Use Realm transactions correctly.

Description:

  1. executeTransaction: Use realm.executeTransaction() (or executeTransactionAsync) for all write operations.
  2. Short Transactions: Keep transactions short.
  3. Avoid Nested Transactions: Realm does not support nested transactions.
  4. Asynchronous Transactions: Use executeTransactionAsync for long operations; handle onSuccess and onError.
  5. Cancellation: Handle cancellation of executeTransactionAsync if needed.

Threats Mitigated:

  • Data Inconsistency: Severity: Medium.
  • Resource Leaks: Severity: Low.

Impact: (Reductions as before)

Currently Implemented:

  • executeTransaction is used for most write operations.

Missing Implementation:

  • Some write operations might be outside transactions.
  • executeTransactionAsync is not consistently used.
  • Transaction cancellation is not handled.

Mitigation Strategy: Secure Data Deletion (Realm File Deletion)

Mitigation Strategy: Use Realm.deleteRealm() to delete Realm files.

Description:

  1. Realm.deleteRealm(): Use Realm.deleteRealm(config) to delete a Realm file and its associated files.

Threats Mitigated:

  • Data Remnants After Deletion: Severity: Low/Medium.

Impact:

  • Data Remnants After Deletion: Risk reduced from Low/Medium to Very Low.

Currently Implemented:

  • Realm.deleteRealm() is used.

Missing Implementation:

  • None (specifically related to Realm's API).