Security Requirements for Apama

Security model

The Apama security model for the correlatoris that untrusted users must not be given access to any related files or to send or receive data on the network ports. It is assumed that any user able to access these files or ports is trusted and has permission to make arbitrary changes and read arbitrary data. Such users are also permitted to inject arbitrary code into a correlator and execute it with the permissions of the correlator process.

Security requirements

You must use standard operating system and network tools/configuration to restrict access to the correlator to only trusted users.

You must use standard operating system tools to restrict access to all configuration and data files to only trusted users.

You must restrict access to changing the process environment when starting the server processes to only trusted users.

You must not set the correlator logging to a level higher than INFO to have all security-relevant events logged to the log files.

Setting the correlator logging to a level lower than INFO could include security-sensitive information in the log files.

Remember to also fully configure all connected systems to perform adequate authentication and authorization. Select connectivity plug-ins that support authentication and authorization where possible, and make sure these settings are enabled. For example:

  • If using the HTTP server connectivity plug-in, note that it exposes an additional port on the correlator. If deployed in any context where access is not restricted to only trusted users, the HTTP server connectivity plug-in must be configured to use TLS and HTTP basic authentication. It should not be directly connected to the internet. If internet access is required, then the plug-in must be deployed in a DMZ behind a reverse proxy such as Apache or Nginx. For more information, see Configuring the HTTP server transport.
  • If using the HTTP client connectivity plug-in, configure it to use TLS and HTTP basic authentication. For more information, see Configuring the HTTP client transport.
  • If using the MQTT connectivity plug-in, configure it to use SSL/TLS. For more information, see Configuring the connection to MQTT.

If components must connect across an untrusted network, then either use a standard overlay tool such as a VPN or use a plug-in that supports TLS and authentication.

Important
Ensure that you regularly install the latest Apama fixes, and keep your operating system fully patched to ensure the latest security fixes are present.
Docker and Kubernetes

Both Docker and Kubernetes offer methods of passing secrets to the correlator. This can be used to securely provide credentials to the correlator. For more information, see the corresponding samples that are mentioned in Apama samples for Docker and Apama samples for Kubernetes.

Personal data

You need to secure log files and input logs, especially if they contain personal data. This would involve restricting read and execute permissions to only the owning user (that is, “700”) and if possible also setting a umask of 0077 on the correlator process to ensure files created by the correlator also have locked down permissions.

See Protecting personal data in Apama applications for suggestions to help with identifying how personal data can be protected when building applications on the Apama platform.