Open Stack

On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:
> Last time I heard (which was probably mid-2017), the Trove team had
> implemented encryption for messages on the RabbitMQ bus. IIUC each DB being
> managed had its own encryption keys, so that would theoretically prevent
> both snooping and spoofing of messages. That's the good news.
>
> The bad news is that AFAIK it's still using a shared RabbitMQ bus, so
> attacks like denial of service are still possible if you can extract the
> shared credentials from the VM. Not sure about replay attacks; I haven't
> actually investigated the implementation.
>
> cheers,
> Zane.

> Excellent - many thanks for the confirmation.
>
> Cheers,
> Michael

Hello Michael and Zane,

sorry for the late reply.

I believe Zane is referring to a video from 2017 [0].
Yes, messages from trove instances are encrypted and the keys are kept
in Trove DB. It is still a shared message bus, but it can be a message
bus dedicated for Trove only and separated from message bus shared by
other Openstack services.

DDOS attacks are also mentioned in the video as a potential threat but
there is very little details and possible solutions. Recently we had
some internal discussion about this threat within Trove team. Maybe we
could user Rabbitmq mechanisms for flow control mentioned in [1,2,3] ?

Another point, I'm wondering if this is a problem only in Trove or is
it something other services would be interesting in also ?

Best,
Darek

[0] https://youtu.be/dzvcKlt3Lx8
[1] https://www.rabbitmq.com/flow-control.html
[2] http://www.rabbitmq.com/blog/2012/04/17/rabbitmq-performance-measurements-part-1/
[3] https://tech.labs.oliverwyman.com/blog/2013/08/31/controlling-fast-producers-in-a-rabbit-as-a-service/