Token Trust & Traceability WG
Fortnightly for the risk assessment season.
https://codimd.web.cern.ch/wxKIVoG7QMOTnn-ablYttQ
# TTT Meeting 6/1/26
Attending: Matt, DaveK, Maarten, Mischa, Linda, DaveD, Donald
Apologies:
## From/since last time
* CHEP abstract submitted by Tom - thanks Tom and everyone.
* Maarten applied polish to the spreadsheet
* Looked at the split between "power" and "regular" users
From the notes:
- Split 4e and 4f into Power and Ordinary users and re-evaluate.
- Look at how to handle the case of a "hacked" user, where a bad actor is using regular token flows using a compromised account. This is a hybrid of 4 and 5.
ML also notes that TR 4 and 5 numbers are very similar - the difference is in the assets. Need to question whether the reasoning covers both types of threats.
Of the opinion we should combine the two.
ML also looked for consistency in numbers throughout the spreadsheet. Some would need a re-discussion - particularly early ones when we were just getting started.
Impact discussion a bit more focussed, but DC mentions lack of guard rails or misconfiguration.
Impact low, but clear-up is a large part of the "cost".
Need to add a comment that efforts were made to split "ordinary" and "power" users.
Note that on plain 4e we had a likelihood of 4, which shows how thoughts change. But could be a 4.
Moving onto 4e for power users.
Discussion of power users - fewer, but tend to do more work. How much smaller is the surface?
Discussion of CMS methods at the moment.
Moved up from 2.3 to 3, coming at the same number as ordinary users "from the other directions"
Split of 3s and 4s for impact, MS notes that those who had higher likelihood went for the smaller impact.
Note that in the event of a leak it is likely that more than one would be leaked at a time.
Note that at the moment CMS jobs have modify scope, so need to consider that such restrictions might not be able to be implemented.
Discussion convinced others up to 4.
Onto the 4fs - job submission.
Discussion of bitcoin mining as an example bad activity.
Not as much a feel as to how job flows work.
With the likelihood we come significantly lower than the plain 4f from a few months ago. Need to review what else we considered then.
MS notes we're not sure of scenarios, feels much less likely than with data.
ML - This is an area that is unexplored.
MS - we need to indicate that it is important to store tokens securely, and make use of tools to avoid this.
Some discussion on likelihood of 4f-P, many 2s but good argument for a 1.
Some discussion that we should be more embracing of non-integer figures.
## Finishing the risk assessment (...)
Some discussion of what "power" means in this case. This is a power token rather than a power user - should put into the description.
4e and 4f split to -O and -P.
More discussion about the differences (or lack thereof) between threat 4 and 5.
Some discussion on likelihood, as big swing with half 2s and half 4s. Discussion of previous leaking channels.
Also mention that even if a token is leaked it might not be taken advantage of.
Strong recommendation to watch the logs and other places tokens might be recorded.
Should encourage testing if users *can't* access (CMS do this at the moment).
Note we have left out the upload of illegal data. As we don't have public webservers this isn't a problem.
## "Hacked user" consideration
ML - believes hacked users should be in "4". But actions are associated with 5.
Very connected.
Continue this discussion next time.
## AOB/next meeting
Next meeting will review the whole spreadsheet, look for anything missing, see if we can streamline it, and review how to represent "hacked users" within it.
Matt will share and encourage others to review ahead of time.