<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:13px"><div>Hyder,</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">Few questions</div><div style="background-color: transparent;"></div><ul style=""><li style="">Who is the User is the device/storage or end user?</li><li style="">What is the Service ?</li><li style="">What are you trying to change, that doesn't provided by the Opestack framework</li><li style=""><span style="background-color: transparent;">Cloud Images ? are you specific about the Glance ?</span></li><li style=""><span style="background-color: transparent;">Did you try to explore the keystone, RBAC feature</span></li><li style=""><span style="background-color:
transparent;">are you trying to create trust model like AAA</span></li></ul><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">--</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">Anish</div><div></div><div id="RTEContent"><font face="times new roman" size="5"><font color="#407f00"><div> </div></font></font></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;"> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12px;"> <div dir="ltr"> <font size="2" face="Arial"> On Monday, 27 October 2014 8:18 PM, Muhammad Faraz Hyder <farazhyder55@gmail.com> wrote:<br> </font> </div> <br><br> <div class="y_msg_container"><div id="yiv9952881862"><div><div dir="ltr">Thanks Robert and Anish., <div><br clear="none"></div><div>Actually I am doing my masters in Computer Engineering. My research topic is related to trust establishment in cloud computing. I have deployed the Openstack cloud. Now I have to work on the trust. I have gone through different trust models. In most papers that I have read, people build the trust using TPM hardware chip. </div><div><br clear="none"></div><div>Now, I have to build some sort of trust at different layers of cloud. Idea in my mind was
that we can use cryptography and PKI etc for establishing trust. Or I can go with some sort of auditing and logging , so that user can have to certain extend more visibility of their data, this might also provide trust. and also I can go with some mechanism for providing the verification of cloud images that cloud customers uses, so that cloud images are not tempered by cloud service provider. </div><div> </div><div><br clear="none"></div><div>Regards, </div><div>Faraz </div></div><div class="yiv9952881862yqt8348697756" id="yiv9952881862yqt47712"><div class="yiv9952881862gmail_extra"><br clear="none"><div class="yiv9952881862gmail_quote">On Mon, Oct 27, 2014 at 2:47 PM, Anish <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:anish2good@yahoo.co.in" target="_blank" href="mailto:anish2good@yahoo.co.in">anish2good@yahoo.co.in</a>></span> wrote:<br clear="none"><blockquote class="yiv9952881862gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="color: rgb(0, 0, 0); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px; background-color: rgb(255, 255, 255);"><div>Hyder,</div><div>ps[Tell us the Use case what exactly are you trying to solve]</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;"><br clear="none"></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">Otherwise, in order to build chain of trust, you can use cryptography concept of building a rootCA, and creating chain of certificate</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">This is part of PKI infrastructure,where digital certificates are verified using a chain of trust</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">--</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;">Anish</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;"><br clear="none"></div> <div><br clear="none"><br clear="none"></div><div style="display:block;"> <div style="font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;"> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12px;"><div><div class="yiv9952881862h5"> <div dir="ltr"> <font face="Arial"> On Monday, 27 October 2014 2:42 PM, "Clark, Robert Graham" <<a rel="nofollow" shape="rect" ymailto="mailto:robert.clark@hp.com" target="_blank" href="mailto:robert.clark@hp.com">robert.clark@hp.com</a>> wrote:<br clear="none"> </font> </div> <br clear="none"><br clear="none"> </div></div><div><div><div class="yiv9952881862h5"><div><div><div><div><span style="font-size:11.0pt;">Hi Faraz,</span></div><div><span style="font-size:11.0pt;"> </span></div><div><span style="font-size:11.0pt;">We can likely help you more if you provide a little bit more background.</span></div><div><span style="font-size:11.0pt;"> </span></div><div><span
style="font-size:11.0pt;">Have you taken a look at the OpenStack Security Guide <a rel="nofollow" shape="rect" target="_blank" href="http://docs.openstack.org/sec/">http://docs.openstack.org/sec/</a> ? That touches on a number of related topics, we’ve also got several people in the group who are very familiar with trusted computing who I’m sure will reply to this thread.</span></div><div><span style="font-size:11.0pt;"> </span></div><div><span style="font-size:11.0pt;">-Rob</span></div><div><span style="font-size:11.0pt;"> </span></div><div><div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt;"><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm;"><div><b><span lang="EN-US" style="font-size:11.0pt;">From:</span></b><span lang="EN-US" style="font-size:11.0pt;"> Muhammad Faraz Hyder [mailto:<a rel="nofollow" shape="rect" ymailto="mailto:farazhyder55@gmail.com" target="_blank"
href="mailto:farazhyder55@gmail.com">farazhyder55@gmail.com</a>] <br clear="none"><b>Sent:</b> 27 October 2014 05:43<br clear="none"><b>To:</b> <a rel="nofollow" shape="rect" ymailto="mailto:openstack-security@lists.openstack.org" target="_blank" href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a><br clear="none"><b>Subject:</b>
[Openstack-security] Help regarding Chain of Trust implementation in Openstack cloud.</span></div></div></div><div> </div><div><div><div>Hi, </div></div><div><div> </div></div><div>I need help regarding the implementation of Trust in openstack cloud. I have gone through the TPM based implementation and Open attestation provided by Intel. </div><div><div> </div></div><div><div>But, what i am trying to implement is some non-vendor /non- hardware dependent solution.</div></div><div><div> </div></div><div><div>Is PKI could be good idea for the implementation of Chain of Trust?. Please guide me in this regard, as I am still unable to come up with right idea
for the implementation. </div></div><div><div> </div></div><div><div> </div></div><div><div>Regards, </div></div><div><div>Faraz </div></div></div></div></div></div></div></div><br clear="none"></div></div><div>_______________________________________________<br clear="none">Openstack-security mailing list<br clear="none"><a rel="nofollow" shape="rect" ymailto="mailto:Openstack-security@lists.openstack.org" target="_blank" href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br clear="none"></div><br clear="none"><br clear="none"></div> </div> </div> </div> </div></div></blockquote></div><br clear="none"></div></div></div></div><br><br></div> </div> </div> </div>
</div></body></html>