[openstack-dev] Periodic Security Checks

Clark, Robert Graham robert.clark at hp.com
Mon Jun 23 17:12:16 UTC 2014


I think this is very interesting and would love to see the code for it.

The blueprint mentions performing checks beyond what Open Attestation
provides, "add dynamic check to verify memory" - this is probably a
stretch goal as process memory verification is extremely complex. I'm
not aware of anyone doing it well though I'd love to be corrected on
that point. I also wonder how, if working outside of Open Attestation
(and I'm assuming outside of TPM) how you will assert that attestations
are accurate.

I'm sure the intel guys will have a lot to contribute here and I'm
excited to see people working to improve Compute security with cool
projects such as this one.

-Rob



> -----Original Message-----
> From: Grant Murphy [mailto:gmurphy at redhat.com]
> Sent: 23 June 2014 00:49
> To: OpenStack Development Mailing List (not for usage questions);
> openstack-security at lists.openstack.org
> Cc: Vasiliy Artemev; David Yuan
> Subject: Re: [Openstack-security] [openstack-dev] Periodic Security
Checks
> 
> Adding openstack-security to the thread. In case folks on OSSG don't
> monitor this list.
> 
> ----- Original Message -----
> > From: "Alexandr Naumchev" <anaumchev at gmail.com>
> > To: openstack-dev at lists.openstack.org
> > Cc: "Amey Ghadigaonkar" <gamoholic010 at gmail.com>, "Vasiliy Artemev"
> <vasart at gmail.com>, "David Yuan"
> > <david.yuanhome at gmail.com>
> > Sent: Sunday, June 22, 2014 4:33:35 AM
> > Subject: [openstack-dev] Periodic Security Checks
> >
> > Hello!
> > We have blueprints here:
> >
> >
https://blueprints.launchpad.net/horizon/+spec/periodic-security-check
> > s
> >
> > and here:
> >
> >
https://blueprints.launchpad.net/nova/+spec/periodic-security-checks/
> >
> > And we already have some code. Is it necessary to approve the
> > blueprint before contributing the code? In any case, could someone
> > review the aforementioned blueprints?
> > Thanks!
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> 
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6187 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140623/f481474b/attachment.bin>


More information about the OpenStack-dev mailing list