[Openstack-security] Help regarding Chain of Trust implementation in Openstack cloud.
Anish
anish2good at yahoo.co.in
Mon Oct 27 15:16:37 UTC 2014
Hyder,
Few questions
* Who is the User is the device/storage or end user?
* What is the Service ?
* What are you trying to change, that doesn't provided by the Opestack framework
* Cloud Images ? are you specific about the Glance ?
* Did you try to explore the keystone, RBAC feature
* are you trying to create trust model like AAA
--
Anish
On Monday, 27 October 2014 8:18 PM, Muhammad Faraz Hyder <farazhyder55 at gmail.com> wrote:
Thanks Robert and Anish.,
Actually I am doing my masters in Computer Engineering. My research topic is related to trust establishment in cloud computing. I have deployed the Openstack cloud. Now I have to work on the trust. I have gone through different trust models. In most papers that I have read, people build the trust using TPM hardware chip.
Now, I have to build some sort of trust at different layers of cloud. Idea in my mind was that we can use cryptography and PKI etc for establishing trust. Or I can go with some sort of auditing and logging , so that user can have to certain extend more visibility of their data, this might also provide trust. and also I can go with some mechanism for providing the verification of cloud images that cloud customers uses, so that cloud images are not tempered by cloud service provider.
Regards,
Faraz
On Mon, Oct 27, 2014 at 2:47 PM, Anish <anish2good at yahoo.co.in> wrote:
Hyder,
>ps[Tell us the Use case what exactly are you trying to solve]
>
>
>Otherwise, in order to build chain of trust, you can use cryptography concept of building a rootCA, and creating chain of certificate
>This is part of PKI infrastructure,where digital certificates are verified using a chain of trust
>--
>Anish
>
>
>
>
>
>On Monday, 27 October 2014 2:42 PM, "Clark, Robert Graham" <robert.clark at hp.com> wrote:
>
>
>
>Hi Faraz,
>
>We can likely help you more if you provide a little bit more background.
>
>Have you taken a look at the OpenStack Security Guide http://docs.openstack.org/sec/ ? That touches on a number of related topics, we’ve also got several people in the group who are very familiar with trusted computing who I’m sure will reply to this thread.
>
>-Rob
>
>From:Muhammad Faraz Hyder [mailto:farazhyder55 at gmail.com]
>Sent: 27 October 2014 05:43
>To: openstack-security at lists.openstack.org
>Subject: [Openstack-security] Help regarding Chain of Trust implementation in Openstack cloud.
>
>Hi,
>
>I need help regarding the implementation of Trust in openstack cloud. I have gone through the TPM based implementation and Open attestation provided by Intel.
>
>But, what i am trying to implement is some non-vendor /non- hardware dependent solution.
>
>Is PKI could be good idea for the implementation of Chain of Trust?. Please guide me in this regard, as I am still unable to come up with right idea for the implementation.
>
>
>Regards,
>Faraz
>
>_______________________________________________
>Openstack-security mailing list
>Openstack-security at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20141027/a6fff041/attachment.html>
More information about the Openstack-security
mailing list