[openstack-dev] [Security] the need about implementing a MAC security hook framework for OpenStack

Yang Luo hsluoya at gmail.com
Wed Jun 17 06:46:55 UTC 2015


Hi list,

  I'd like to know the need about implementing a MAC (Mandatory Access
Control) security hook framework for OpenStack, just like the Linux
Security Module to Linux. It can be used to help construct a security
module that mediates the communications between OpenStack nodes and
controls distribution of resources (i.e., images, network, shared disks).
This security hook framework should be cluster-wide, dynamic policy
updating supported, non-intrusive implemented and with low performance
overhead. The famous module in LSM, SELinux can also be imported into this
security hook framework. In my point, as OpenStack has become a leading
cloud operating system, it needs some kind of security architecture as
standard OS.

I am a Ph.D student who has been following OpenStack security closely for
nearly 1 year. This is just my initial idea and I know this project won't
be small, so before I actually work on it, I'd like to hear your
suggestions or objections about it. Thanks!

Best,
Yang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150617/c08cabf1/attachment.html>


More information about the OpenStack-dev mailing list