A Security Analysis of a Referential Architecture of the FIWARE Platform.

Juan Pablo Perata, Gustavo Betarte

2023 XLIX Latin American Computer Conference (CLEI) (2023)

Abstract
In this paper we present the results of a security assessment of the FIWARE technology, adopting an offensive perspective in search of potential vulnerabilities involved in deployments of FIWARE components in certain architecture configurations. We consider a referential scenario that includes core components of a FIWARE platform. By experimenting in a locally controlled environment, it was possible to identify a series of security issues. Then, we put forward a threat model following the OWASP methodology that embodies several artifacts, namely, decomposition of the referential platform, a data flow diagram, STRIDE threat modeling, attack analysis and the identification of attack objectives. We were able to implement attacks for three of the identified attack goals. The approach conducted for the referential platform was validated by performing an exploratory analysis of a real working and productive FIWARE platform, distinguishing different types of attacks that could be implemented, ending up with a set of recommendations in terms of components, architecture and access control.
Keywords
FIWARE, security assessment, threat analysis