I think this is very interesting and would love to see the code for it. The blueprint mentions performing checks beyond what Open Attestation provides, "add dynamic check to verify memory" - this is probably a stretch goal as process memory verification is extremely complex. I'm not aware of anyone doing it well though I'd love to be corrected on that point. I also wonder how, if working outside of Open Attestation (and I'm assuming outside of TPM) how you will assert that attestations are accurate. I'm sure the intel guys will have a lot to contribute here and I'm excited to see people working to improve Compute security with cool projects such as this one. -Rob > -----Original Message----- > From: Grant Murphy [mailto:gmurphy at redhat.com] > Sent: 23 June 2014 00:49 > To: OpenStack Development Mailing List (not for usage questions); > openstack-security at lists.openstack.org > Cc: Vasiliy Artemev; David Yuan > Subject: Re: [Openstack-security] [openstack-dev] Periodic Security Checks > > Adding openstack-security to the thread. In case folks on OSSG don't > monitor this list. > > ----- Original Message ----- > > From: "Alexandr Naumchev" <anaumchev at gmail.com> > > To: openstack-dev at lists.openstack.org > > Cc: "Amey Ghadigaonkar" <gamoholic010 at gmail.com>, "Vasiliy Artemev" > <vasart at gmail.com>, "David Yuan" > > <david.yuanhome at gmail.com> > > Sent: Sunday, June 22, 2014 4:33:35 AM > > Subject: [openstack-dev] Periodic Security Checks > > > > Hello! > > We have blueprints here: > > > > https://blueprints.launchpad.net/horizon/+spec/periodic-security-check > > s > > > > and here: > > > > https://blueprints.launchpad.net/nova/+spec/periodic-security-checks/ > > > > And we already have some code. Is it necessary to approve the > > blueprint before contributing the code? In any case, could someone > > review the aforementioned blueprints? > > Thanks! > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > Openstack-security mailing list > Openstack-security at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6187 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140623/f481474b/attachment.bin>