# Kea Security
# 1. Kea Security
This page discusses various aspects related to the Kea software security. This is a living document. This page will eventually be merged into [Kea ARM](https://kea.readthedocs.io).
This page discusses various aspects related to the Kea software security. This is a living document. This page will eventually be merged into [Kea ARM](https://kea.readthedocs.io).
... | @@ -65,7 +65,28 @@ The three primary Kea deamons (`kea-dhcp4`, `kea-dhcp6` and `kea-dhcp-ddns`) all |
... | @@ -65,7 +65,28 @@ The three primary Kea deamons (`kea-dhcp4`, `kea-dhcp6` and `kea-dhcp-ddns`) all |
Control Agent exposes REST API over HTTP interface. CA is an optional component that is not run by default, but it's a popular feature. Since Kea 1.9.0, it can optionally use basic HTTP authentication (RFC7617) to control access of the incoming REST commands. The credentials (username, password) can be stored in local Kea config file on disk. Kea 1.9.2 introduced auth hook point. It's possible to develop an external hook library that will provide access control. Such a library providing RBAC capabilities is planned in the 1.9 series.
Control Agent exposes REST API over HTTP interface. CA is an optional component that is not run by default, but it's a popular feature. Since Kea 1.9.0, it can optionally use basic HTTP authentication (RFC7617) to control access of the incoming REST commands. The credentials (username, password) can be stored in local Kea config file on disk. Kea 1.9.2 introduced auth hook point. It's possible to develop an external hook library that will provide access control. Such a library providing RBAC capabilities is planned in the 1.9 series.
# Future improvements
# 2. Code quality and testing
Kea undergoes extensive tests during its development. The following is a excerpt from all the processes that are used to ensure adequate code quality:
- each line of code goes through a formal review before it is accepted. The review process is documented and available publicly
- roughly 50% of the source code is dedicated to unit-tests. As of Dec. 2020, there are over 6000 unit-tests. There is a requirement that every new piece of code has to come with unit-tests before it is accepted.
- there are around 1500 system tests available that test Kea. Those simulate correct and invalid situations, covering network packets (mostly DHCP, but also DNS and others), command-line usage, API calls, database interactions, scripts and more.
- there are performance tests with over 80 scenarios that test Kea overall performance and resiliency to various levels of traffic, measuring various metrics (latency, leases per seconds, packets per seconds and others).
- Kea uses CI (Continuous Integration). This means that great majority of tests (all unit and system tests, and most performance tests) are run for every commit. Many lighter tests are ran on branches, before the code is even accepted.
- We use many tools that perform automatic code quality checks
- We use static code analyzers: clang's Thread Sanitizer (TSAN), Coverity Scan, shellcheck, danger
- We use dynamic code analyzers: Valgrind
## Fuzz testing
We have a process for running fuzz testing, using [AFL](https://github.com/google/AFL). There are two modes which are run. First fuzzes incoming packets, effectively throwing millions of mostly broken packets at Kea per day. The second mode fuzzes configuration structures and forces Kea to attempt to load them. Those two modes are being run continuously since around 2018.
# Security audit
ISC initiated a process to audit ISC software from a security perspective. We have completed audit for Stork, a dashboard solution for Kea in Oct. 2020. The audit was conducted by @manu and @fdupont. Both have extensive security background experience in large scale corporate deployments (@manu) and security research (@fdupont). Similar audit for Kea is planned for early 2021.
# 3. Future improvements
This is a list of improvements that are planned in the future. Please contact ISC if any of them are of particular importance for you:
This is a list of improvements that are planned in the future. Please contact ISC if any of them are of particular importance for you:
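
Review bot: In the added "Code quality and testing" list, the bullet "We use static code analyzers: clang's Thread Sanitizer (TSAN), Coverity Scan, shellcheck, danger" files Thread Sanitizer under static analysis, but TSAN instruments the build and reports data races at run time, so it belongs in the "We use dynamic code analyzers" bullet next to Valgrind. danger automates review checks in CI rather than analyzing the code itself, so it fits better under the general "automatic code quality checks" bullet. The same hunk has wording slips worth fixing before merge: "a excerpt" should be "an excerpt", "are ran on branches" should be "are run on branches", and "are being run continuously since around 2018" should be "have been run continuously since around 2018". The new "# Security audit" heading is unnumbered while its neighbours are "# 2." and "# 3."; either number it or make it a "##" subsection like "## Fuzz testing".
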
... | | ... | |