Subject: Re: [Trove] State of the Trove service tenant deployment model

Zane Bitter zbitter at redhat.com
Wed Jan 23 01:04:28 UTC 2019


On 23/01/19 9:09 AM, Darek Król wrote:
> On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:
>> Last time I heard (which was probably mid-2017), the Trove team had
>> implemented encryption for messages on the RabbitMQ bus. IIUC each DB being
>> managed had its own encryption keys, so that would theoretically prevent
>> both snooping and spoofing of messages. That's the good news.
>>
>> The bad news is that AFAIK it's still using a shared RabbitMQ bus, so
>> attacks like denial of service are still possible if you can extract the
>> shared credentials from the VM. Not sure about replay attacks; I haven't
>> actually investigated the implementation.
>>
>> cheers,
>> Zane.
> 
>> Excellent - many thanks for the confirmation.
>>
>> Cheers,
>> Michael
> 
> Hello Michael and Zane,
> 
> sorry for the late reply.
> 
> I believe Zane is referring to a video from 2017 [0].
> Yes, messages from trove instances are encrypted and the keys are kept
> in Trove DB. It is still a shared message bus, but it can be a message
> bus dedicated for Trove only and separated from the message bus shared by
> other OpenStack services.
> 
> DDoS attacks are also mentioned in the video as a potential threat, but
> there are very few details and possible solutions.

Yes, in fact that was me asking the question in that video :)

> Recently we had
> some internal discussion about this threat within the Trove team. Maybe we
> could use RabbitMQ mechanisms for flow control mentioned in [1,2,3]?
> 
> Another point, I'm wondering if this is a problem only in Trove or is
> it something other services would be interested in also?
> 
> Best,
> Darek
> 
> [0] https://youtu.be/dzvcKlt3Lx8
> [1] https://www.rabbitmq.com/flow-control.html
> [2] http://www.rabbitmq.com/blog/2012/04/17/rabbitmq-performance-measurements-part-1/
> [3] https://tech.labs.oliverwyman.com/blog/2013/08/31/controlling-fast-producers-in-a-rabbit-as-a-service/
> 