istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.24/blog/2023/ada-logics-security-assessment/index.html

33 lines
28 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="Istio publishes results of 2022 security audit"><meta name=description content="Security review of Istio finds a CVE in Go standard library."><meta name=author content="Craig Box (ARMO), for the Istio Product Security Working Group"><meta name=keywords content="microservices,services,mesh,istio,security,audit,ada logics,assessment,cncf,ostif"><meta property="og:title" content="Istio publishes results of 2022 security audit"><meta property="og:type" content="website"><meta property="og:description" content="Security review of Istio finds a CVE in Go standard library."><meta property="og:url" content="/v1.24/blog/2023/ada-logics-security-assessment/"><meta property="og:image" content="https://raw.githubusercontent.com/istio/istio.io/master/static/img/istio-social.png"><meta property="og:image:alt" content="The Istio sailboat logo"><meta property="og:image:width" content="4096"><meta property="og:image:height" content="2048"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary_large_image"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.24 / Istio publishes results of 2022 security audit</title>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-5XBWY4YJ1E"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-5XBWY4YJ1E")</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.24/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.24/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.24/feed.xml><link rel="shortcut icon" href=/v1.24/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.24/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.24/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.24/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.24/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.24/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.24/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.24/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.24/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.24/favicons/android-192x192.png sizes=192x192><link rel=icon type=image/svg+xml href=/v1.24/favicons/favicon.svg><link rel=icon type=image/png href=/v1.24/favicons/favicon.png><link rel=mask-icon href=/v1.24/favicons/safari-pinned-tab.svg color=#466BB0><link rel=manifest href=/v1.24/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><meta name=msapplication-config content="/browserconfig.xml"><meta name=msapplication-TileColor content="#466BB0"><meta name=theme-color content="#466BB0"><link rel=stylesheet href=/v1.24/css/style.min.38f1afbdf6f8efdb4fe991ff2a53ca1c801b5c4602dea2963da44df7ceaacfb8.css integrity="sha256-OPGvvfb479tP6ZH/KlPKHIAbXEYC3qKWPaRN986qz7g=" crossorigin=anonymous><link rel=preconnect href=https://fonts.googleapis.com><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,400;0,500;0,600;0,700;1,400;1,600&display=swap"><script src=/v1.24/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.24",docTitle="Istio publishes results of 2022 security audit",iconFile="/v1.24//img/icons.svg",buttonCopy="Copy to clipboard",buttonPrint="Print",buttonDownload="Download"</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.24/js/all.min.js data-manual defer></script><header class=main-navigation><nav class="main-navigation-wrapper container-l"><div class=main-navigation-header><a id=brand href=/v1.24/ aria-label=logotype><span class=logo><svg width="128" height="60" viewBox="0 0 128 60"><path d="M58.434 48.823A.441.441.0 0158.3 48.497V22.583a.444.444.0 01.134-.326.446.446.0 01.327-.134h3.527a.447.447.0 01.325.134.447.447.0 01.134.326v25.914a.443.443.0 01-.134.326.444.444.0 01-.325.134h-3.527a.444.444.0 01-.327-.134z"/><path d="m70.969 48.477a6.556 6.556.0 01-2.818-1.955 4.338 4.338.0 01-1-2.78v-.345a.443.443.0 01.134-.326.444.444.0 01.326-.135h3.374a.444.444.0 01.326.135.445.445.0 01.134.326v.077a2.014 2.014.0 001.054 1.667 4.672 4.672.0 002.664.709 4.446 4.446.0 002.492-.633 1.862 1.862.0 00.958-1.591 1.426 1.426.0 00-.786-1.322 12.7 12.7.0 00-2.549-.939l-1.457-.46a21.526 21.526.0 01-3.3-1.227 6.57 6.57.0 01-2.262-1.783 4.435 4.435.0 01-.92-2.894 5.081 5.081.0 012.109-4.275 8.993 8.993.0 015.558-1.591 10.445 10.445.0 014.1.748 6.3 6.3.0 012.722 2.07 5 5 0 01.958 3.009.441.441.0 01-.134.326.441.441.0 01-.325.134h-3.258a.441.441.0 01-.326-.134.443.443.0 01-.134-.326 1.974 1.974.0 00-.978-1.667 4.647 4.647.0 00-2.665-.671 4.741 4.741.0 00-2.435.556 1.724 1.724.0 00-.938 1.553 1.512 1.512.0 00.9 1.4 15.875 15.875.0 003.01 1.055l.843.229a27.368 27.368.0 013.412 1.246 6.67 6.67.0 012.338 1.763 4.387 4.387.0 01.958 2.933 4.988 4.988.0 01-2.146 4.275 9.543 9.543.0 01-5.712 1.552 11.626 11.626.0 01-4.227-.709z"/><path d="m97.039 32.837a.443.443.0 01-.326.135h-3.911a.169.169.0 00-.191.192v9.239a2.951 2.951.0 00.632 2.108 2.7 2.7.0 002.013.652h1.15a.444.444.0 01.325.134.441.441.0 01.134.326v2.875a.471.471.0 01-.459.5l-1.994.039a8 8 0 01-4.524-1.035q-1.495-1.035-1.533-3.91V33.166A.17.17.0 0088.164 32.974H85.978A.441.441.0 0185.652 32.839.441.441.0 0185.518 32.513V29.83a.441.441.0 01.134-.326.444.444.0 01.326-.135h2.186a.169.169.0 00.191-.192v-4.485a.438.438.0 01.134-.326.44.44.0 01.325-.134h3.336a.443.443.0 01.325.134.442.442.0 01.135.326v4.485a.169.169.0 00.191.192h3.911a.446.446.0 01.326.135.446.446.0 01.134.326v2.683a.446.446.0 01-.133.324z"/><path d="m101.694 25.917a2.645 2.645.0 01-.767-1.955 2.65 2.65.0 01.767-1.955 2.65 2.65.0 011.955-.767 2.65 2.65.0 011.955.767 2.652 2.652.0 01.767 1.955 2.647 2.647.0 01-.767 1.955 2.646 2.646.0 01-1.955.767 2.645 2.645.0 01-1.955-.767zm-.211 22.906a.441.441.0 01-.134-.326V29.79a.444.444.0 01.134-.326.446.446.0 01.326-.134h3.527a.446.446.0 01.326.134.445.445.0 01.134.326v18.707a.443.443.0 01-.134.326.443.443.0 01-.326.134h-3.527a.443.443.0 01-.326-.134z"/><path d="m114.019 47.734a8.1 8.1.0 01-3.047-4.255 14.439 14.439.0 01-.652-4.37 14.3 14.3.0 01.614-4.371A7.869 7.869.0 01114 30.56a9.072 9.072.0 015.252-1.5 8.543 8.543.0 015.041 1.5 7.985 7.985.0 013.009 4.14 12.439 12.439.0 01.69 4.37 13.793 13.793.0 01-.651 4.37 8.255 8.255.0 01-3.028 4.275 8.475 8.475.0 01-5.1 1.553 8.754 8.754.0 01-5.194-1.534zm7.629-3.1a4.536 4.536.0 001.476-2.262 11.335 11.335.0 00.383-3.221 10.618 10.618.0 00-.383-3.22 4.169 4.169.0 00-1.457-2.243 4.066 4.066.0 00-2.531-.785 3.942 3.942.0 00-2.453.785 4.376 4.376.0 00-1.5 2.243 11.839 11.839.0 00-.383 3.22 11.84 11.84.0 00.383 3.221 4.222 4.222.0 001.476 2.262 4.075 4.075.0 002.549.8 3.8 3.8.0 002.44-.809z"/><path d="m15.105 32.057v15.565a.059.059.0 01-.049.059L.069 50.25A.06.06.0 01.005 50.167l14.987-33.47a.06.06.0 01.114.025z"/><path d="m17.631 23.087v24.6a.06.06.0 00.053.059l22.449 2.507a.06.06.0 00.061-.084L17.745.032a.06.06.0 00-.114.024z"/><path d="m39.961 52.548-24.833 7.45a.062.062.0 01-.043.0L.079 52.548a.059.059.0 01.026-.113h39.839a.06.06.0 01.017.113z"/></svg></span>
</a><button id=hamburger class=main-navigation-toggle aria-label="Open navigation">
<svg class="icon menu-hamburger"><use xlink:href="/v1.24/img/icons.svg#menu-hamburger"/></svg>
</button>
<button id=menu-close class=main-navigation-toggle aria-label="Close navigation"><svg class="icon menu-close"><use xlink:href="/v1.24/img/icons.svg#menu-close"/></svg></button></div><div id=header-links class=main-navigation-links-wrapper><ul class=main-navigation-links><li class=main-navigation-links-item><a class="main-navigation-links-link has-dropdown"><span>About</span><svg class="icon dropdown-arrow"><use xlink:href="/v1.24/img/icons.svg#dropdown-arrow"/></svg></a><ul class=main-navigation-links-dropdown><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/service-mesh class=main-navigation-links-link>Service mesh</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/solutions class=main-navigation-links-link>Solutions</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/case-studies class=main-navigation-links-link>Case studies</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/ecosystem class=main-navigation-links-link>Ecosystem</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/deployment class=main-navigation-links-link>Deployment</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/training class=main-navigation-links-link>Training</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.24/about/faq class=main-navigation-links-link>FAQ</a></li></ul></li><li class=main-navigation-links-item><a href=/v1.24/blog/ class=main-navigation-links-link><span>Blog</span></a></li><li class=main-navigation-links-item><a href=/v1.24/news/ class=main-navigation-links-link><span>News</span></a></li><li class=main-navigation-links-item><a href=/v1.24/get-involved/ class=main-navigation-links-link><span>Get involved</span></a></li><li class=main-navigation-links-item><a href=/v1.24/docs/ class=main-navigation-links-link><span>Documentation</span></a></li></ul><div class=main-navigation-footer><button id=search-show class=search-show title='Search this site' aria-label=Search><svg class="icon magnifier"><use xlink:href="/v1.24/img/icons.svg#magnifier"/></svg></button>
<a href=/v1.24/docs/setup/getting-started class="btn btn--primary" id=try-istio>Try Istio</a></div></div><form id=search-form class=search name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/search>
<input id=search-textbox class="search-textbox form-control" name=q type=search aria-label='Search this site' placeholder=Search>
<button id=search-close title='Cancel search' type=reset aria-label='Cancel search'><svg class="icon menu-close"><use xlink:href="/v1.24/img/icons.svg#menu-close"/></svg></button></form></nav></header><div class=banner-container><a href=https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/istio-day/ class=banner data-title="Istio Day Europe-2025-01-31 00:00:00 +0000 UTC" data-period-start=1738281600000 data-period-end=1743465600000 data-max-impressions data-timeout><div class=content><p>Join us for Istio Day Europe, a KubeCon + CloudNativeCon Europe Co-located Event. 01 April 2025, London, England. Register now!</p></div><div class=frame></div></a></div><article class=post itemscope itemtype=http://schema.org/BlogPosting><div class=header-content><h1>Istio publishes results of 2022 security audit</h1><p>Security review of Istio finds a CVE in Go standard library.</p></div><p class=post-author>Jan 30, 2023 <span>| </span>By Craig Box - ARMO, for the Istio Product Security Working Group</p><div><p>Istio is a project that platform engineers trust to enforce security policy in their production Kubernetes environments. We pay a lot of care to security in our code, and maintain a robust <a href=/v1.24/docs/releases/security-vulnerabilities/>vulnerability program</a>. To validate our work, we periodically invite external review of the project, and we are pleased to publish <a href=/v1.24/blog/2023/ada-logics-security-assessment/Istio%20audit%20report%20-%20ADA%20Logics%20-%202023-01-30%20-%20v1.0.pdf>the results of our second security audit</a>.</p><p>The auditors assessment was that <strong>&ldquo;Istio is a well-maintained project that has a strong and sustainable approach to security&rdquo;</strong>. No critical issues were found; the highlight of the report was the discovery of a vulnerability in the Go programming language.</p><p>We would like to thank the <a href=https://cncf.io/>Cloud Native Computing Foundation</a> for funding this work, as a benefit offered to us after we <a href=https://www.cncf.io/blog/2022/09/28/istio-sails-into-the-cloud-native-computing-foundation/>joined the CNCF in August</a>. It was <a href=https://ostif.org/the-audit-of-istio-is-complete>arranged by OSTIF</a>, and <a href=https://adalogics.com/blog/istio-security-audit>performed by ADA Logics</a>.</p><h2 id=scope-and-overall-findings>Scope and overall findings</h2><p><a href=/v1.24/blog/2021/ncc-security-assessment/>Istio received its first security assessment in 2020</a>, with its data plane, the <a href=https://envoyproxy.io/>Envoy proxy</a>, having been <a href=https://github.com/envoyproxy/envoy#security-audit>independently assessed in 2018 and 2021</a>. The Istio Product Security Working Group and ADA Logics therefore decided on the following scope:</p><ul><li>Produce a formal threat model, to guide this and future security audits</li><li>Carry out a manual code audit for security issues</li><li>Review the fixes for the issues found in the 2020 audit</li><li>Review and improve Istio&rsquo;s fuzzing suite</li><li>Perform a SLSA review of Istio</li></ul><p>Once again, no Critical issues were found in the review. The assessment found 11 security issues; two High, four Medium, four Low and one informational. All the reported issues have been fixed.</p><div><aside class="callout quote"><div class=type><svg class="large-icon"><use xlink:href="/v1.24/img/icons.svg#callout-quote"/></svg></div><div class=content><strong>&ldquo;Istio is a very well-maintained and secure project with a sound code base, well-established security practices and a responsive product security team.&rdquo; - ADA Logics</strong></div></aside></div><p>Aside from their observations above, the auditors note that Istio follows a high level of industry standards in dealing with security. In particular, they highlight that:</p><ul><li>The Istio Product Security Working Group responds swiftly to security disclosures</li><li>The documentation on the projects security is comprehensive, well-written and up to date</li><li>Security vulnerability disclosures follow industry standards and security advisories are clear and detailed</li><li>Security fixes include regression tests</li></ul><h2 id=resolution-and-learnings>Resolution and learnings</h2><h3 id=request-smuggling-vulnerability-in-go>Request smuggling vulnerability in Go</h3><p>The auditors uncovered a situation where Istio could accept traffic using HTTP/2 Over Cleartext (h2c), a method of making an unencrypted connection with HTTP/1.1 and then upgrading to HTTP/2. The <a href=https://pkg.go.dev/golang.org/x/net/http2/h2c>Go library for h2c connections</a> reads the entire request into memory, and notes that if you wish to avoid this, the request should be wrapped in a <code>MaxBytesHandler</code>.</p><p>In fixing this bug, Istio TOC member John Howard noticed that the recommended fix introduces a <a href=https://portswigger.net/web-security/request-smuggling>request smuggling vulnerability</a>. The Go team thus published <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721">CVE-2022-41721</a> — the only vulnerability discovered by this audit!</p><p>Istio has since been changed to disable h2c upgrade support throughout.</p><h3 id=improvements-to-file-fetching>Improvements to file fetching</h3><p>The most common class of issue found were related to Istio fetching files over a network (for example, the Istio Operator installing Helm charts, or the WebAssembly module downloader):</p><ul><li>A crafted Helm chart could exhaust disk space (#1) or overwrite other files in the Operators pod (#2)</li><li>File handles were not closed in the case of an error, and could be exhausted (#3)</li><li>Crafted files could exhaust memory (#4 and #5)</li></ul><p>To execute these code paths, an attacker would need enough privilege to either specify a URL for a Helm chart or a WebAssembly module. With such access, they would not need an exploit: they could already cause an arbitrary chart to be installed to the cluster or an arbitrary WebAssembly module to be loaded into memory on the proxy servers.</p><p>The auditors and maintainers both note that the Operator is not recommended as a method of installation, as this requires a high-privilege controller to run in the cluster.</p><h3 id=other-issues>Other issues</h3><p>The remaining issues found were:</p><ul><li>In some testing code, or where a control plane component connects to another component over localhost, minimum TLS settings were not enforced (#6)</li><li>Operations that failed may not return error codes (#7)</li><li>A deprecated library was being used (#8)</li><li><a href=https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use>TOC/TOU</a> race conditions in a library used for copying files (#9)</li><li>A user could exhaust the memory of the Security Token Service if running in Debug mode (#11)</li></ul><p>Please refer to <a href=/v1.24/blog/2023/ada-logics-security-assessment/Istio%20audit%20report%20-%20ADA%20Logics%20-%202023-01-30%20-%20v1.0.pdf>the full report</a> for details.</p><h3 id=reviewing-the-2020-report>Reviewing the 2020 report</h3><p>All 18 issues reported in Istios first security assessment were found to have been fixed.</p><h3 id=fuzzing>Fuzzing</h3><p>The <a href=https://google.github.io/oss-fuzz/>OSS-Fuzz project</a> helps open source projects perform free <a href=https://en.wikipedia.org/wiki/Fuzzing>fuzz testing</a>. Istio is integrated into OSS-Fuzz with 63 fuzzers running continuously: this support was <a href=https://adalogics.com/blog/fuzzing-istio-cve-CVE-2022-23635>built by ADA Logics and the Istio team in late 2021</a>.</p><div><aside class="callout quote"><div class=type><svg class="large-icon"><use xlink:href="/v1.24/img/icons.svg#callout-quote"/></svg></div><div class=content><strong>"[We] started the fuzzing assessment by prioritizing security-critical parts of Istio. We found that many of these had impressive test coverage with little to no room for improvement." - ADA Logics</strong></div></aside></div><p>The assessment notes that &ldquo;Istio benefits largely from having a substantial fuzz test suite that runs continuously on OSS-Fuzz&rdquo;, and identified a few APIs in security-critical code that would benefit from further fuzzing, Six new fuzzers were contributed as a result of this work; by the end of the audit, the new tests had run over <strong>3 billion</strong> times.</p><h3 id=slsa>SLSA</h3><p><a href=https://slsa.dev/>Supply chain Levels for Software Artifacts</a> (SLSA) is a check-list of standards and controls to prevent tampering, improve integrity, and secure software packages and infrastructure. It is organized into a series of levels that provide increasing integrity guarantees.</p><p>Istio does not currently generate provenance artifacts, so it does not meet the requirements for any SLSA levels. <a href=https://github.com/istio/istio/issues/42517>Work on reaching SLSA Level 1 is currently underway</a>. If you would like to get involved, please join the <a href=https://slack.istio.io/>Istio Slack</a> and reach out to our <a href=https://istio.slack.com/archives/C6FCV6WN4>Test and Release working group</a>.</p><h2 id=get-involved>Get involved</h2><p>If you want to get involved with Istio product security, or become a maintainer, wed love to have you! <a href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md>Join our public meetings</a> to raise issues or learn about what we are doing to keep Istio secure.</p></div><div class=share-social><div class=heading>Share this post</div><div class=share-buttons><a href="https://www.linkedin.com/shareArticle?mini=true&url=%2fv1.24%2fblog%2f2023%2fada-logics-security-assessment%2f" target=_blank><img class=share-icon src=/v1.24/img/social/linkedin.svg alt="Share to LinkedIn">
</a><a href="https://twitter.com/intent/tweet?text=Istio%20publishes%20results%20of%202022%20security%20audit&url=%2fv1.24%2fblog%2f2023%2fada-logics-security-assessment%2f" target=_blank><img class=share-icon src=/v1.24/img/social/twitterx.svg alt="Share to X">
</a><a href="https://www.facebook.com/sharer/sharer.php?u=%2fv1.24%2fblog%2f2023%2fada-logics-security-assessment%2f" target=_blank><img class=share-icon src=/v1.24/img/social/facebook.svg alt="Share to Facebook"></a></div></div><nav class=pagenav><div class=left><a title="The Istio Steering Committee welcomes contributors from Google, IBM, Huawei and Red Hat." href=/v1.24/blog/2023/steering-contribution-seat-results/ class=next-link><svg class="icon left-arrow"><use xlink:href="/v1.24/img/icons.svg#left-arrow"/></svg>Announcing the Contribution Seat holders for 2023</a></div><div class=right><a title="The call for session proposals is now open." href=/v1.24/blog/2023/istioday-kubecon-eu/ class=next-link>Join us for Istio Day at KubeCon Europe 2023!<svg class="icon right-arrow"><use xlink:href="/v1.24/img/icons.svg#right-arrow"/></svg></a></div></nav></article><footer class=footer><div class="footer-wrapper container-l"><div class="user-links footer-links"><a class=channel title='GitHub is where development takes place on Istio code' href=https://github.com/istio/community aria-label=GitHub><svg class="icon github"><use xlink:href="/v1.24/img/icons.svg#github"/></svg>
</a><a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><svg class="icon drive"><use xlink:href="/v1.24/img/icons.svg#drive"/></svg>
</a><a class=channel title='Interactively discuss issues with the Istio community on Slack' href=https://slack.istio.io aria-label=slack><svg class="icon slack"><use xlink:href="/v1.24/img/icons.svg#slack"/></svg>
</a><a class=channel title='Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio' href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><svg class="icon stackoverflow"><use xlink:href="/v1.24/img/icons.svg#stackoverflow"/></svg>
</a><a class=channel title='Follow us on LinkedIn to get the latest news' href=https://www.linkedin.com/company/istio/ aria-label=LinkedIn><svg class="icon linkedin"><use xlink:href="/v1.24/img/icons.svg#linkedin"/></svg>
</a><a class=channel title='Follow us on Twitter to get the latest news' href=https://twitter.com/IstioMesh aria-label=Twitter><svg class="icon twitter"><use xlink:href="/v1.24/img/icons.svg#twitter"/></svg>
</a><a class=channel title='Follow us on Bluesky to get the latest news' href=https://bsky.app/profile/istio.io aria-label=Bluesky><svg class="icon bluesky"><use xlink:href="/v1.24/img/icons.svg#bluesky"/></svg>
</a><a class=channel title='Follow us on Mastodon to get the latest news' href=https://mastodon.social/@istio aria-label=Mastodon rel=me><svg class="icon mastodon"><use xlink:href="/v1.24/img/icons.svg#mastodon"/></svg></a></div><hr class=footer-separator role=separator><div class="info footer-info"><a class=logo href=/v1.24/ aria-label=logotype><svg width="128" height="60" viewBox="0 0 128 60"><path d="M58.434 48.823A.441.441.0 0158.3 48.497V22.583a.444.444.0 01.134-.326.446.446.0 01.327-.134h3.527a.447.447.0 01.325.134.447.447.0 01.134.326v25.914a.443.443.0 01-.134.326.444.444.0 01-.325.134h-3.527a.444.444.0 01-.327-.134z"/><path d="m70.969 48.477a6.556 6.556.0 01-2.818-1.955 4.338 4.338.0 01-1-2.78v-.345a.443.443.0 01.134-.326.444.444.0 01.326-.135h3.374a.444.444.0 01.326.135.445.445.0 01.134.326v.077a2.014 2.014.0 001.054 1.667 4.672 4.672.0 002.664.709 4.446 4.446.0 002.492-.633 1.862 1.862.0 00.958-1.591 1.426 1.426.0 00-.786-1.322 12.7 12.7.0 00-2.549-.939l-1.457-.46a21.526 21.526.0 01-3.3-1.227 6.57 6.57.0 01-2.262-1.783 4.435 4.435.0 01-.92-2.894 5.081 5.081.0 012.109-4.275 8.993 8.993.0 015.558-1.591 10.445 10.445.0 014.1.748 6.3 6.3.0 012.722 2.07 5 5 0 01.958 3.009.441.441.0 01-.134.326.441.441.0 01-.325.134h-3.258a.441.441.0 01-.326-.134.443.443.0 01-.134-.326 1.974 1.974.0 00-.978-1.667 4.647 4.647.0 00-2.665-.671 4.741 4.741.0 00-2.435.556 1.724 1.724.0 00-.938 1.553 1.512 1.512.0 00.9 1.4 15.875 15.875.0 003.01 1.055l.843.229a27.368 27.368.0 013.412 1.246 6.67 6.67.0 012.338 1.763 4.387 4.387.0 01.958 2.933 4.988 4.988.0 01-2.146 4.275 9.543 9.543.0 01-5.712 1.552 11.626 11.626.0 01-4.227-.709z"/><path d="m97.039 32.837a.443.443.0 01-.326.135h-3.911a.169.169.0 00-.191.192v9.239a2.951 2.951.0 00.632 2.108 2.7 2.7.0 002.013.652h1.15a.444.444.0 01.325.134.441.441.0 01.134.326v2.875a.471.471.0 01-.459.5l-1.994.039a8 8 0 01-4.524-1.035q-1.495-1.035-1.533-3.91V33.166A.17.17.0 0088.164 32.974H85.978A.441.441.0 0185.652 32.839.441.441.0 0185.518 32.513V29.83a.441.441.0 01.134-.326.444.444.0 01.326-.135h2.186a.169.169.0 00.191-.192v-4.485a.438.438.0 01.134-.326.44.44.0 01.325-.134h3.336a.443.443.0 01.325.134.442.442.0 01.135.326v4.485a.169.169.0 00.191.192h3.911a.446.446.0 01.326.135.446.446.0 01.134.326v2.683a.446.446.0 01-.133.324z"/><path d="m101.694 25.917a2.645 2.645.0 01-.767-1.955 2.65 2.65.0 01.767-1.955 2.65 2.65.0 011.955-.767 2.65 2.65.0 011.955.767 2.652 2.652.0 01.767 1.955 2.647 2.647.0 01-.767 1.955 2.646 2.646.0 01-1.955.767 2.645 2.645.0 01-1.955-.767zm-.211 22.906a.441.441.0 01-.134-.326V29.79a.444.444.0 01.134-.326.446.446.0 01.326-.134h3.527a.446.446.0 01.326.134.445.445.0 01.134.326v18.707a.443.443.0 01-.134.326.443.443.0 01-.326.134h-3.527a.443.443.0 01-.326-.134z"/><path d="m114.019 47.734a8.1 8.1.0 01-3.047-4.255 14.439 14.439.0 01-.652-4.37 14.3 14.3.0 01.614-4.371A7.869 7.869.0 01114 30.56a9.072 9.072.0 015.252-1.5 8.543 8.543.0 015.041 1.5 7.985 7.985.0 013.009 4.14 12.439 12.439.0 01.69 4.37 13.793 13.793.0 01-.651 4.37 8.255 8.255.0 01-3.028 4.275 8.475 8.475.0 01-5.1 1.553 8.754 8.754.0 01-5.194-1.534zm7.629-3.1a4.536 4.536.0 001.476-2.262 11.335 11.335.0 00.383-3.221 10.618 10.618.0 00-.383-3.22 4.169 4.169.0 00-1.457-2.243 4.066 4.066.0 00-2.531-.785 3.942 3.942.0 00-2.453.785 4.376 4.376.0 00-1.5 2.243 11.839 11.839.0 00-.383 3.22 11.84 11.84.0 00.383 3.221 4.222 4.222.0 001.476 2.262 4.075 4.075.0 002.549.8 3.8 3.8.0 002.44-.809z"/><path d="m15.105 32.057v15.565a.059.059.0 01-.049.059L.069 50.25A.06.06.0 01.005 50.167l14.987-33.47a.06.06.0 01.114.025z"/><path d="m17.631 23.087v24.6a.06.06.0 00.053.059l22.449 2.507a.06.06.0 00.061-.084L17.745.032a.06.06.0 00-.114.024z"/><path d="m39.961 52.548-24.833 7.45a.062.062.0 01-.043.0L.079 52.548a.059.059.0 01.026-.113h39.839a.06.06.0 01.017.113z"/></svg></a><div class=footer-languages><a tabindex=-1 lang=en id=switch-lang-en class="footer-languages-item active"><svg class="icon tick"><use xlink:href="/v1.24/img/icons.svg#tick"/></svg>
English
</a><a tabindex=-1 lang=zh id=switch-lang-zh class=footer-languages-item>中文
</a><a tabindex=-1 lang=uk id=switch-lang-uk class=footer-languages-item>Українська</a></div></div><ul class=footer-policies><li class=footer-policies-item><a class=footer-policies-link href=https://www.linuxfoundation.org/legal/terms>Terms and Conditions
</a>|
<a class=footer-policies-link href=https://www.linuxfoundation.org/legal/privacy-policy>Privacy policy
</a>|
<a class=footer-policies-link href=https://www.linuxfoundation.org/legal/trademark-usage>Trademarks
</a>|
<a class=footer-policies-link href=https://github.com/istio/istio.io/edit/release-1.24/content/en/blog/2023/ada-logics-security-assessment/index.md>Edit this Page on GitHub</a></li></ul><div class=footer-base><span class=footer-base-copyright>&copy; 2024 the Istio Authors.</span>
<span class=footer-base-version>Version
Archive
1.24.3</span><ul class=footer-base-releases><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link onclick='return navigateToUrlOrRoot("https://istio.io/blog/2023/ada-logics-security-assessment/"),!1'>current release</a></li><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link onclick='return navigateToUrlOrRoot("https://preliminary.istio.io/blog/2023/ada-logics-security-assessment/"),!1'>next release</a></li><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link href=https://istio.io/archive>older releases</a></li></ul></div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title='Back to top' tabindex=-1><svg class="icon top"><use xlink:href="/v1.24/img/icons.svg#top"/></svg></button></div></body></html>
Reference in New Issue View Git Blame Copy Permalink