[openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis and OpenStack Applicability - UPDATED

Sumit Naiksatam sumitnaiksatam at gmail.com
Thu Aug 14 01:52:26 UTC 2014

Hi Michael,

Thanks for keeping us in the loop on the progress at your end. This is
very nice work. I quickly read through the section you referenced in
your email, and it does capture the current state of the work in


On Wed, Aug 13, 2014 at 6:05 PM, Michael Grima <mike.r.grima at gmail.com> wrote:
> Hi Everyone,
> Not sure if you remember, but a few months ago, I made the following
> thread on here titled: "Firewall Web Services Research Thesis
> Applicability to the OpenStack Project"
> (http://lists.openstack.org/pipermail/openstack-dev/2014-May/034575.html)
> To provide a recap, this is a thesis that I am researching, and
> examines the potential advantages of exposing a host's firewall via a
> web service.  The purpose of which is to improve the security of IaaS
> environments by now providing the ability for external security
> appliances, such as vulnerability scanners and IDS's, the ability to
> dynamically (and perhaps automatically) respond to incidents and close
> open ports to problematic virtual machines.  My thesis examines the
> perspective of the "infrastructure administrator", as opposed to the
> "domain administrator".
> At the time I made the initial post, I was actively writing my thesis,
> and I am happy to report that it is effectively "done".
> You can download the PDF here:
> https://docs.google.com/file/d/0B7WyzOL96X9QWDl6R3RqRE0tMWc/edit
> I have a section that specifically mentions OpenStack (Page 44,
> Section 5.3).  Please review that section and let me know if it
> accurately and properly describes the OpenStack effort and
> corresponding projects (FWaaS, and Neutron).
> Of course, if you find any issues, please don't hesitate to point them out.
> Below are screen-videos showcasing my thesis in action:
> 1.) Demo 1: Adding new rules/policies and manipulating traffic
> https://docs.google.com/file/d/0B7WyzOL96X9QU0dQa0xEekFxVlk/edit
> 2.) Demo 2: Same as Demo 1, but showcasing platform independence by
>     applying rules to a Windows Server 2008 R2 VM
> https://docs.google.com/file/d/0B7WyzOL96X9QMnRaZXBhU1FFc28/edit
> 3.) Sample OpenVAS Scenario where a VM can --only-- operate a HTTP
>     server on port 80.  Any other server that is detected is a
>     violation of policy and would need to be blocked.
> https://docs.google.com/file/d/0B7WyzOL96X9QYXdFdC1XbHp2R3M/edit
> 4.) OpenVAS Heartbleed Demo (as described above):
> https://docs.google.com/file/d/0B7WyzOL96X9QMzRMR1UzX09vRDA/edit
> 5.) Earlier prototype of my thesis working with XEN instead of KVM:
> https://docs.google.com/file/d/0B7WyzOL96X9QTVowem1ZYjJrRWM/edit
> I would be happy to answer any questions you may have.
> Thank You
> --
> Mike Grima, RHCE
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list