Security
Reporting a vulnerability
If you believe you have found a security vulnerability in any MESA component, do not file a public GitHub issue, since the details would be visible before a fix exists. Instead, email the project PI at tswetnam@arizona.edu with:
- The repo and component affected.
- A description of the vulnerability and its impact.
- Reproduction steps.
- Your contact information for follow-up.
The MESA team aims to acknowledge security reports within one business day of receipt and to issue a fix or mitigation within 30 days of confirming the vulnerability.
Threat model summary
MESA's threat model assumes:
- Authenticated users: identities are established through CyVerse / CILogon / ORCID, and authorization decisions key on that identity.
- Untrusted prompts: authentication establishes who is asking, not that the request is benign. Even an authenticated user's prompt may be crafted to extract data the user is not authorized to see, escape the sandbox, or exhaust resources.
- Hostile network: the public hosted service is reachable from the open internet; nginx terminates TLS in front of it.
Controls
| Control | Implementation |
|---|---|
| Authentication | CyVerse Keycloak OIDC; CILogon / Globus / ORCID federation (Goal 2) |
| Authorization | iRODS native ACLs + RENCI policy engine |
| Sandbox | Per-request container sandbox for tool execution (Goal 3) |
| Transport security | TLS 1.3 via Let's Encrypt; HSTS |
| Secrets | systemd LoadCredential= and OS keyrings; never in git |
| Supply chain | SBOM generation in CI; Trivy scans on container builds |
| Audit | Every tool call logged with actor, timestamp, arguments hash |
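As an added example (not MESA code), the shape of the audit row in the table above: one entry per tool call carrying the actor, a UTC timestamp, the tool name, and a digest of the arguments rather than the arguments themselves. The digest is taken over a canonical JSON encoding so that the same arguments always yield the same value, and an optional key turns it into an HMAC so that low-entropy arguments (a short path, a flag) cannot be recovered from the log by trying candidates. Field names, the SHA-256/HMAC choice, and the sample call are illustrative assumptions.

```python
"""Audit record for a tool call (added example, not MESA code).

Assumes a JSON-lines audit log. Field names, the SHA-256/HMAC choice and
the sample call below are illustrative assumptions.
"""
import hashlib
import hmac
import json
import time
from datetime import datetime, timezone
from typing import Any, Dict, Optional


def canonical_args_hash(args: Dict[str, Any], key: Optional[bytes] = None) -> str:
    """Digest a canonical JSON encoding of the arguments.

    Canonical form (sorted keys, no whitespace) means the same arguments
    produce the same digest however the caller built the dict, so the log
    line can later be matched against what the sandbox actually ran.
    With `key` set, an HMAC replaces the bare hash so that guessable
    arguments cannot be brute-forced from the log.
    """
    canonical = json.dumps(args, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    if key is None:
        return hashlib.sha256(canonical).hexdigest()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def audit_record(actor: str, tool: str, args: Dict[str, Any],
                 now: Optional[float] = None,
                 key: Optional[bytes] = None) -> Dict[str, str]:
    """Build one audit entry: who, when (UTC), which tool, argument digest.

    The raw arguments are deliberately omitted: prompts and data paths may
    be sensitive, and the digest is enough to verify a later claim.
    `now` is a Unix timestamp; it defaults to the current time.
    """
    ts = datetime.fromtimestamp(now if now is not None else time.time(),
                                tz=timezone.utc)
    return {
        "ts": ts.isoformat(timespec="milliseconds").replace("+00:00", "Z"),
        "actor": actor,
        "tool": tool,
        "args_digest": canonical_args_hash(args, key),
    }


def verify_record(record: Dict[str, str], args: Dict[str, Any],
                  key: Optional[bytes] = None) -> bool:
    """Check that `args` are the arguments this record was written for."""
    return hmac.compare_digest(record["args_digest"],
                               canonical_args_hash(args, key))


def to_log_line(record: Dict[str, str]) -> str:
    """One JSON object per line; sorted keys keep the log grep-friendly."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample call, not from a real MESA deployment.
    rec = audit_record("alice@example.org", "list_collection",
                       {"path": "/iplant/home/alice", "recursive": True},
                       now=1735700645.0)
    print(to_log_line(rec))
    # Key order in the dict does not matter for verification.
    print(verify_record(rec, {"recursive": True, "path": "/iplant/home/alice"}))
```

The actor field should hold the identity the OIDC layer asserted, not a value taken from the request body; and if the keyed form is used, the audit key belongs with the other secrets (loaded through `LoadCredential=`, never in git), because whoever holds it can forge matching digests.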
TrustedCI engagement
WBS 6.5 (Phase 2) funds a TrustedCI prototype security review, owned by Skidmore + Edgin + GRA 3 (ECE Security). The review produces a public report and a remediation backlog tracked in the MESA project board.
Known limitations (pre-alpha)
These are documented for transparency. Each will be resolved before the follow-on production proposal:
- AVU-history catalog backups are written to iRODS but are not encrypted at rest, so anyone with read access to the backup collection can read catalog history. Production deployment will use envelope encryption (per-backup data keys wrapped by a separately managed key).
- The sandbox is per-request, but every sandbox shares the single host kernel, so a kernel exploit from inside one container reaches every other request on that host. Production will move to gVisor or Firecracker.
- Rate limiting is per-IP only: one token spread across many source addresses is not limited, and all users behind a shared NAT count against a single limit. Production will add per-token rate limiting.
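An added example (not MESA code) of what the per-token limit described above adds on top of the per-IP one: a token-bucket limiter that keeps one bucket per source IP and one per bearer token, and checks both before charging either. The limits, key names and the sample traffic are illustrative assumptions.

```python
"""Per-IP plus per-token rate limiting (added example, not MESA code).

Two token buckets per request: one keyed on the source IP, one keyed on a
digest of the bearer token. Limits, key names and the sample traffic in
main() are illustrative assumptions.
"""
import hashlib
from typing import Dict, Tuple


class Bucket:
    """Token bucket: up to `burst` requests at once, refilling `per_sec` per second."""

    def __init__(self, burst: int, per_sec: float, now: float) -> None:
        self.capacity = float(burst)
        self.per_sec = per_sec
        self.tokens = float(burst)
        self.updated = now

    def refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.updated)  # tolerate a clock step backwards
        self.tokens = min(self.capacity, self.tokens + elapsed * self.per_sec)
        self.updated = now


class RateLimiter:
    def __init__(self, ip_burst: int, ip_per_sec: float,
                 token_burst: int, token_per_sec: float) -> None:
        self.ip_rate = (ip_burst, ip_per_sec)
        self.token_rate = (token_burst, token_per_sec)
        self.buckets: Dict[Tuple[str, str], Bucket] = {}

    def _get(self, kind: str, key: str, rate: Tuple[int, float], now: float) -> Bucket:
        b = self.buckets.get((kind, key))
        if b is None:
            b = self.buckets[(kind, key)] = Bucket(rate[0], rate[1], now)
        b.refill(now)
        return b

    def allow(self, ip: str, token: str, now: float) -> Tuple[bool, str]:
        """Return (allowed, reason); reason is "ok", "ip" or "token".

        Both buckets are inspected before either is charged: a request the
        per-token bucket rejects must not also drain the per-IP bucket, or
        one exhausted token could lock out everyone behind the same NAT.
        The token bucket is keyed by the token's SHA-256 so the limiter's
        in-memory state never holds a usable credential.
        """
        ip_b = self._get("ip", ip, self.ip_rate, now)
        tok_key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        tok_b = self._get("token", tok_key, self.token_rate, now)
        if ip_b.tokens < 1.0:
            return False, "ip"
        if tok_b.tokens < 1.0:
            return False, "token"
        ip_b.tokens -= 1.0
        tok_b.tokens -= 1.0
        return True, "ok"


if __name__ == "__main__":
    # Constructed traffic: one token sprayed across four addresses.
    rl = RateLimiter(ip_burst=5, ip_per_sec=1.0, token_burst=3, token_per_sec=0.5)
    for i in range(1, 5):
        print(f"10.0.0.{i} tokA ->", rl.allow(f"10.0.0.{i}", "tokA", 1000.0))
    # Per-IP alone would have allowed all four; the fourth is refused by the token bucket.
```

In production the buckets would live in shared storage (one nginx or app instance's memory does not limit a token that hits another instance), and the deny reason maps to a 429 with a `Retry-After` computed from the bucket's refill rate.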
See each component's SECURITY.md for repo-specific details.