[openstack-dev] [kolla][security] Finishing the job on threat analysis for Kolla
doug.chivers at hpe.com
Tue May 31 16:37:47 UTC 2016
Thanks for following up Steve, the sessions at the summit were extremely useful.
Both Rob and I have been caught up with the day-job since we got back from the summit, but will discuss next steps and agree a plan this week.
From: "Steven Dake (stdake)" <stdake at cisco.com<mailto:stdake at cisco.com>>
Date: Tuesday, 24 May 2016 at 17:16
To: "openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Cc: Doug Chivers <doug.chivers at hpe.com<mailto:doug.chivers at hpe.com>>, "robclark at uk.ibm.com<mailto:robclark at uk.ibm.com>" <robclark at uk.ibm.com<mailto:robclark at uk.ibm.com>>
Subject: [kolla][security] Finishing the job on threat analysis for Kolla
Rob and Doug,
At Summit we had 4 hours of highly productive work producing a list of "things" that can be "threatened". We have about 4 or 5 common patterns where we follow the principle of least privilege. On Friday of Summit we produced a list of all the things (in this case deployed containers). I'm not sure who, I think it was Rob was working on a flow diagram for the least privileged case. From there, the Kolla coresec team can produce the rest of the diagrams for increasing privileges.
I'd like to get that done, then move on to next steps. Not sure what the next steps are, but lets cover the flow diagrams first since we know we need those.
More information about the OpenStack-dev