[Openstack] RFC: Trusted computing pool for openstack

Yang, Fred fred.yang at intel.com
Fri Jun 17 16:15:11 UTC 2011


The Trusted Computing Pool blueprint was proposed and discussed at the Design Summit in April 2011:
http://etherpad.openstack.org/trusted-computing-pools


Project goal:
Enable OpenStack with a trusted computing pool capability. Through this capability, the OpenStack scheduler can verify that a target compute node is indeed booted with the expected hypervisor before dispatching instances to the node.


Background of trusted computing pool -

Intel Trusted Execution Technology (TXT) http://www.intel.com/technology/security/ provides a platform root of trust to verify that a platform is booted with the expected hypervisor by measuring its hash during platform boot. We have also enabled Intel TXT in Xen/KVM/VMware already.

The following describes the flow and highlights the usage model -

1. A target compute node with Intel TXT hardware is booted with TXT enabled - the hypervisor is measured during boot by TXT, and the measurement value is hashed into TPM hardware registers per http://www.trustedcomputinggroup.org/developers/

2. A standalone Attestation Server challenges target hosts, during run-time, to retrieve their TPM registers

3. The Attestation Server verifies the retrieved registers against an administrator pre-setup known/good hash database to decide whether the target node is indeed booted with the expected hypervisor

The standalone Attestation Server is 1) cloud provider hosted; 2) exports a RESTful query API to the admin for verifying target compute node(s); 3) verifies target compute nodes by hostname, requesting their measurement registers.

We are working on the attestation software stack currently, which will also be open sourced.



Approach in supporting OpenStack -

1. Derive flavor Host_filter drivers from zone_aware_scheduler to support the API interface to the Attestation Server

2. The filter driver invokes Query(HostName) through the Attestation Server to verify the compute node's trustworthiness if the instance(s) specify a trusted compute node through the flavor; it drops the node from the candidate list if the verification fails

Through this capability, a cloud provider can build a trusted computing pool and provide premier service.
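To make the flow above concrete (the measure-and-extend step of the boot flow, the attestation server's comparison against a known/good database, and the scheduler host filter that drops nodes failing Query(HostName)), here is an added, self-contained Python sketch. It is not code from the post or from the attestation stack Intel is describing. The hypervisor image bytes, PCR index 17, the pool of nodes and the flavor extra_spec key "trust" are all constructed assumptions; the extend operation follows TPM 1.2 semantics (20-byte SHA-1 registers, PCR_new = SHA-1(PCR_old || digest)).

```python
import hashlib
from dataclasses import dataclass

# TPM 1.2 style PCRs: 20-byte SHA-1 registers, reset to all-zero at boot.
PCR_SIZE = 20


def measure(data: bytes) -> bytes:
    """Hash the object being measured (here: a hypervisor image)."""
    return hashlib.sha1(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-1(PCR_old || digest). One-way and order-dependent,
    so a register value can only be reproduced by replaying the same boot sequence."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(objects) -> str:
    """Replay a boot: extend each measured object in order; return the final hex PCR."""
    pcr = b"\x00" * PCR_SIZE
    for obj in objects:
        pcr = pcr_extend(pcr, measure(obj))
    return pcr.hex()


# Constructed sample data: the hypervisor image the administrator approved and the
# PCR value it yields, i.e. the entry in the pre-setup known/good database.
GOOD_HYPERVISOR = b"constructed: approved hypervisor image v1"
KNOWN_GOOD = {17: {measured_boot([GOOD_HYPERVISOR])}}  # PCR index -> allowed values


@dataclass
class ComputeNode:
    name: str
    pcrs: dict            # what a TPM quote from this node reports: index -> hex
    reachable: bool = True


class AttestationServer:
    """Stand-in for the standalone attestation server: holds the known/good
    database and answers Query(HostName) with a trust verdict."""

    def __init__(self, known_good, nodes):
        self.known_good = known_good
        self.nodes = {n.name: n for n in nodes}

    def query(self, hostname: str) -> dict:
        node = self.nodes.get(hostname)
        if node is None or not node.reachable:
            raise ConnectionError(f"cannot retrieve TPM registers from {hostname}")
        for index, allowed in self.known_good.items():
            reported = node.pcrs.get(index)
            if reported is None or reported.lower() not in allowed:
                return {"host": hostname, "trusted": False,
                        "reason": f"PCR{index} does not match known/good database"}
        return {"host": hostname, "trusted": True, "reason": "measurements match"}


class TrustedHostFilter:
    """Scheduler host filter: consulted only when the flavor asks for a trusted node."""

    def __init__(self, attestation: AttestationServer):
        self.attestation = attestation

    def host_passes(self, node: ComputeNode, flavor_extra_specs: dict) -> bool:
        if flavor_extra_specs.get("trust") != "trusted":   # hypothetical extra_spec key
            return True                     # no trust requirement: keep the node
        try:
            return self.attestation.query(node.name)["trusted"]
        except ConnectionError:
            return False                    # fail closed: unverifiable means untrusted


def schedule_candidates(nodes, flavor_extra_specs, flt):
    """Return the names of nodes that survive the trust filter."""
    return [n.name for n in nodes if flt.host_passes(n, flavor_extra_specs)]


# Constructed pool: one good node, one running a modified hypervisor, and one
# whose registers cannot be retrieved at query time.
POOL = [
    ComputeNode("node-a", {17: measured_boot([GOOD_HYPERVISOR])}),
    ComputeNode("node-b", {17: measured_boot([b"constructed: modified hypervisor"])}),
    ComputeNode("node-c", {17: measured_boot([GOOD_HYPERVISOR])}, reachable=False),
]
FILTER = TrustedHostFilter(AttestationServer(KNOWN_GOOD, POOL))

if __name__ == "__main__":
    print(schedule_candidates(POOL, {"trust": "trusted"}, FILTER))  # ['node-a']
    print(schedule_candidates(POOL, {}, FILTER))                    # ['node-a', 'node-b', 'node-c']
```

Two design points are worth noting. The filter only calls the attestation server when the flavor actually requests a trusted node, so untrusted workloads add no attestation traffic; and a node whose registers cannot be retrieved is treated as untrusted rather than skipped, so an unreachable or stalled attestation path never silently widens the trusted pool.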



Feedback and comments are welcome,

Thanks,

-Fred


