Review the current process by which ActivationDesc objects are persisted, transmitted, and deserialized within Phoenix Activation/DirtyChai. Design and propose a mechanism for integrity assurance (e.g., HMAC, digital signature) on ActivationDesc objects, to be verified upon group JVM deserialization. This must ensure tampering is detectable prior to instantiation.
Key tasks:
- Analyze the current storage and transmission points for ActivationDesc.
- Determine hooks/integration points for signing and verification (admin, Phoenix, group JVM boundaries).
- Assess impact on backward compatibility and performance.
- Propose specific algorithms (e.g., HMAC-SHA256, ECDSA), key distribution/management, and policy for signature verification failures.
- Document security impact and limitations.
This is a high priority item for defense-in-depth against activation descriptor tampering.
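
One possible shape for the HMAC-SHA256 option, as an added sketch that is not code from Phoenix or DirtyChai: the tag is computed over the serialized bytes and checked before any `ObjectInputStream` touches them, so a modified descriptor is rejected without instantiating anything. Assumptions: the class and method names are hypothetical, a `String` stands in for the `ActivationDesc`, and the shared key is a constructed demo value whose distribution is left to the key-management task.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class SignedDescriptorDemo {          // hypothetical name, not a project class
    static final int TAG_LEN = 32;           // HMAC-SHA256 output size in bytes

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // Signing side: serialize once, then prepend the tag over those exact bytes.
    static byte[] seal(byte[] key, Serializable desc) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(desc);
        }
        byte[] payload = buf.toByteArray();
        byte[] envelope = new byte[TAG_LEN + payload.length];
        System.arraycopy(hmac(key, payload), 0, envelope, 0, TAG_LEN);
        System.arraycopy(payload, 0, envelope, TAG_LEN, payload.length);
        return envelope;
    }

    // Verifying side: check the tag on raw bytes first, fail closed, then deserialize.
    static Object open(byte[] key, byte[] envelope) throws Exception {
        if (envelope.length <= TAG_LEN) throw new SecurityException("envelope too short");
        byte[] tag = Arrays.copyOfRange(envelope, 0, TAG_LEN);
        byte[] payload = Arrays.copyOfRange(envelope, TAG_LEN, envelope.length);
        if (!MessageDigest.isEqual(tag, hmac(key, payload)))   // constant-time comparison
            throw new SecurityException("descriptor integrity check failed");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and descriptor stand-in.
        byte[] key = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
        byte[] env = seal(key, "constructed descriptor: group=demo, class=example.Service");
        System.out.println("intact: " + open(key, env));
        env[env.length - 1] ^= 0x01;         // simulate tampering in storage or transit
        try { open(key, env); }
        catch (SecurityException e) { System.out.println("tampered: " + e.getMessage()); }
    }
}
```

A MAC only detects modification by parties without the key; anything that can read the shared key can also forge a valid descriptor, which is the trade-off against the ECDSA option.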