[openstack-dev] [OSSG] OpenStack Security Group Task List

Matt Joyce matt.joyce at cloudscaling.com
Fri Oct 26 00:04:30 UTC 2012


Threat models always struck me as low in value.  Trust relationships are
far more useful.

On Thu, Oct 25, 2012 at 4:31 PM, Sriram Subramanian
<sriram at sriramhere.com>wrote:

> Do we have an idea about the threat surface/ or do we have a threat model
> yet? I understand it is a complex task, but would like to understand the
> team's feel for it.
>
> thanks,
> -Sriram
> On Thu, Oct 25, 2012 at 1:41 PM, David Kranz <david.kranz at qrclab.com>wrote:
>
>> On 10/23/2012 8:34 PM, Bryan D. Payne wrote:
>>
>>> As the OpenStack Security Group (OSSG) begins to take shape, we are
>>> looking to identify what work needs to be done.  We have lots of
>>> things in our heads, but I know others have similar lists in their
>>> heads as well.  I'd like to start this thread to collect security
>>> related issues for any OpenStack core project.  These can be things
>>> with existing bug reports, or things that have just been sitting in
>>> your head without actually making it into a bug report yet.
>>>
>>> The idea is to have a list of problems where it would be useful for
>>> security people to help.  I'll start with the following to get us
>>> going.
>>>
>>> * Fix problems with clients using SSL (see slide 19 of
>>> http://www.bryanpayne.org/storage/ossg-oct2012.pdf)
>>> * Start a hardening guide
>>> * Work with swift team on Swift Message Authentication
>>> * Work with nova team on Nova RPC signing
>>> * Work with keystone team on new PKI tokens and related code
>>> * Work with oslo team on rootwrap code
>>> * Add a 'SecurityImpact' tag to mark pull requests as needing a review
>>> by someone in OSSG
>>>
>>> Please help us out by replying with your additions.
>>>
>>> Cheers,
>>> -bryan
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>> Is the first bullet related to this http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf ?
>>
>> The Most Dangerous Code in the World:
>> Validating SSL Certificates in Non-Browser Software
>>
>>  -David
>>
>>
>
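An added example, not from this thread and not code from any OpenStack project, illustrating the first bullet and the paper David points at: the two client-side TLS failure modes that paper catalogues (validation switched off, and hostname checks that are missing or too permissive) shown as a weak context beside a hardened one, plus an explicit RFC 6125-style hostname match that a reviewer can test against constructed certificate dictionaries. The certificate dictionaries, the hostnames and the function names are all assumptions made up for the example; the dictionaries only copy the shape that ssl.SSLSocket.getpeercert() returns.

```python
"""Client-side TLS validation: weak and hardened contexts, plus an explicit
hostname check in the shape of SSLSocket.getpeercert() output.
Added example for the OSSG thread; not OpenStack code."""
import ipaddress
import ssl


def insecure_client_context():
    """The pattern the paper catalogues: validation turned off to make a
    connection error disappear. Shown only so that audit_context() has
    something to flag; never use this for a real client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Chain validation required, hostname check on, TLS 1.2 floor.
    cafile=None means the platform trust store (assumption: that is the
    trust store the deployment wants)."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
                                     cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of findings for a client SSLContext; empty means OK."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: certificate never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: any valid cert for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def _dns_identifier_match(pattern, hostname):
    """One certificate dNSName against one hostname: case-insensitive,
    a single '*' allowed only as the entire leftmost label, never matching
    across a dot, and never matching a bare TLD such as '*.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def match_hostname(cert, hostname):
    """True if cert (getpeercert()-shaped dict) names hostname.
    Subject Alternative Names are authoritative; the CN is consulted only
    when the certificate carries no SAN at all. IP literals must match an
    IP Address SAN exactly and never match a dNSName or the CN."""
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ipaddress.ip_address(v) == ip for v in ip_names)
    if dns_names or ip_names:
        return any(_dns_identifier_match(p, hostname) for p in dns_names)
    for rdn in cert.get("subject", ()):        # legacy CN fallback
        for key, value in rdn:
            if key == "commonName":
                return _dns_identifier_match(value, hostname)
    return False


# Constructed sample certificates (assumption: shape of getpeercert()).
SAN_CERT = {
    "subject": ((("commonName", "evil.example.net"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"),
                       ("IP Address", "10.0.0.5")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "keystone.example.org"),),)}
```

The CN in SAN_CERT is deliberately a different name: a client that still trusts the CN when SANs are present accepts evil.example.net, which is one of the permissive-matching bugs the paper describes. A real client would wrap a socket with hardened_client_context() and let Python's own check_hostname run; match_hostname here exists so the matching rules can be tested in isolation.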