openstack security group ossg
play

OpenStack Security Group (OSSG) An Update On Our Progress And Plans - PowerPoint PPT Presentation

Mar 12, 2024 •176 likes •495 views

OpenStack Security Group (OSSG) An Update On Our Progress And Plans Bryan D. Payne Robert Clark Nathan Kinder Agenda What is OSSG? What have we been doing? What are OSSGs plans? How you can help! Introduction OSSG

  1. OpenStack Security Group (OSSG) An Update On Our Progress And Plans Bryan D. Payne Robert Clark Nathan Kinder

  2. Agenda ● What is OSSG? ● What have we been doing? ● What are OSSG’s plans? ● How you can help!

  3. Introduction

  4. OSSG Overview ● Working to improve security in OpenStack ○ Hardening, Deployment, Compliance, etc ● Currently over 150 members ● Regular meetings and discussions ○ Weekly IRC meetings ○ openstack-security mailing list https://launchpad.net/~openstack-ossg

  5. OSSG Contributions ● Documentation ● Code Review ● Threat Analysis & Review ● Assist VMT with Vulnerability Triage

  6. Icehouse Cycle Updates ● OpenStack Security Notes ● Threat Analysis & Review ● OSSG Lead Elections

  7. Plans

  8. Projects Jenkins Enhancements Developer Security Guidelines Threat Analysis OpenStack Tempest Modules Static Analysis Security Cryptography Review OpenStack Security Notes OpenStack Security Guide

  9. Key Projects Jenkins Enhancements Developer Security Guidelines Threat Analysis OpenStack Tempest Modules Static Analysis Security Cryptography Review OpenStack Security Notes OpenStack Security Guide

  10. Best Practices Jenkins Enhancements Developer Security Guidelines Threat Analysis OpenStack Tempest Modules Static Analysis Security Cryptography Review OpenStack Security Notes OpenStack Security Guide

  11. Stretch Goals Jenkins Enhancements Developer Security Guidelines Threat Analysis OpenStack Tempest Modules Static Analysis Security Cryptography Review OpenStack Security Notes OpenStack Security Guide

  12. Key Projects ● Primary Focus Threat Analysis ● Already Providing Value ● Individually Lead Projects OpenStack OpenStack Security Guide Security ● Good opportunity for new contributors OpenStack Security Notes ● Significant Domain Expertise

  13. Best Practices ● Skeleton Projects ● Bootstrapped Cryptography Review ● Ready to provide value ● Maturity Indicators OpenStack Security ● Low bar to entry Developer Security Guidelines ● OSSG support ● Demonstrated need

  14. Stretch Goals ● Not really in scope Jenkins Enhancements ● Some easy wins ● Separately Lead Projects ● Waiting on outside OpenStack innovation Static Analysis Security ● Codify Security Guidelines Tempest Modules ● Higher bar to entry ● Jenkins - Job Writing ● Infrastructure Hooks ● Tempest - Template / Test

  15. Threat Analysis

  16. Threat Analysis ● Community Lead ● Growing list of participants ● Keystone review in flight ● Others to follow ● Similar lines to OWASP T/M https://wiki.openstack.org/wiki/Security/Threat_Analysis

  17. Threat Analysis

  18. Threat Analysis ● Calling on major players to contribute ● We are all missing things ● Massive duplication of effort ● Others to follow ● Delta reviews

  19. OpenStack Security Notes (OSSN)

  20. What are Security Notes? ● Notices for security related issues that do not qualify as vulnerabilities or advisories (OSSA). ● Intended to raise awareness of security issues that can be mitigated without code changes. ● Security related “knowledge base”.

  21. Security Note Examples ● OSSN-0013 - Some versions of Glance do not apply property protections as expected ● OSSN-0012 - OpenSSL Heartbleed vulnerability can lead to OpenStack compromise ● OSSN-0011 - Heat templates with invalid references allows unintended network access ● OSSN-0010 - Sample Keystone v3 policy exposes privilege escalation vulnerability ● OSSN-0009 - Potential token revocation abuse via group membership ● OSSN-0008 - DoS style attack on noVNC server can lead to service interruption or disruption ● OSSN-0007 - Live migration instructions recommend unsecured libvirt remote access

  22. Security Note Publishing ● Published to the user and development mailing lists. openstack@lists.openstack.org ○ ○ openstack-dev@lists.openstack.org ● Published on the OpenStack wiki ○ https://wiki.openstack.org/wiki/Security_Notes ● Listed in the OpenStack Community Weekly Newsletter.

  23. Process Changes (since Havana) ● Creation and review process has been formalized. ○ https://wiki.openstack.org/wiki/Security/Security_Note_Process Gerrit workflow is used for reviews. ○ ● Security Notes are published to the OpenStack wiki. ○ https://wiki.openstack.org/wiki/Security/Security_Notes ● Security Notes are uniquely identified. ○ OSSN-0001, OSSN-0002, etc.

  24. Process Changes (results) ● Increased output ○ 3 OSSN published during Havana cycle. ○ 10 OSSN published during Icehouse cycle. ● Increased quality ○ Gerrit allows for more granular review feedback. ○ Approval requires review by 2 OSSG core members and PTL or core member of affected project(s).

  25. Future Improvements ● Publish Security Notes into the OpenStack Security Guide. ● Add automatic gate jobs for formatting checks and automatic publishing. ● Review published Security Notes to identify ways of preventing similar future issues.

  26. OpenStack Security Guide

  27. OpenStack Security Guide ● Created summer 2013 ● Converted to docbook ● Edits through gerrit ● Ramping up maintenance and editing efforts http://docs.openstack.org/sec/

  28. Getting Involved

  29. OpenStack Projects “The Glue” ● Improve available security ● Document best practices ● Simplify security compliance ● Work with builders, ops, users

  30. Ways to Participate ● Key Projects ● Best Practices ● IRC meetings OSSG ● Code reviews ● Mailing list ● Relationship management

  31. Questions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OpenStack and Cars the OpenStack Journey of the Volkswagen Group Holger Urban / Tilman

OpenStack and Cars the OpenStack Journey of the Volkswagen Group Holger Urban / Tilman

OpenStack and Cars the OpenStack Journey of the Volkswagen Group Holger Urban / Tilman Schulz #ThinkReinvented Volkswagen Group ~ 10 million Vehicles per year > 600 thousand Employees > 167 Locations // Disruption of the

434 views • 18 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

742 views • 56 slides
Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and

Introduction to OpenStack Nabil Abdennadher, HES-SO What is OpenStack ? Free and open-source cloud-computing software platform. Provides services for managing a Cloud environment on the fly. Consists of a group of interrelated

781 views • 43 slides
What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can find me at @tcarrez on Twitter And ttx on IRC No, really What is OpenStack ? An open source project A common goal A coalition of

672 views • 33 slides
Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick Mike Dorman cjellick@godaddy.com mdorman@godaddy.com Go Daddy OpenStack Cloud Platform Group Agenda OpenStack at Go Daddy Keystone

875 views • 28 slides
Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of OpenStack Technical Committee Python Software Foundation member ttx @ tcarrez @ Cloud ? Buzzword Infrastructure as a service Compute,

700 views • 28 slides
BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ SOFTWARE ENGINEER AT RED HAT CO-FOUNDER LINUXCHIX ARGENTINA WHAT IS OPENSTACK? BRIEF OVERVIEW OPENSTACK OVERVIEW IAAS... AND MORE! + RUNNING

548 views • 36 slides
Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack OpenStack is an open source software platform for cloud computing. Mostly deployed as infrastructure-as-a-service (IaaS), whereby virtual servers and

464 views • 25 slides
OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman,

OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman,

OpenStack Summit Primer: The Who, What, Why, and How of OpenStack Presented by Ben Silverman, Cincinnati Bell Technology Services Monday, May 13, 2019 BS DETAILS 30+ years of IT experience 6+ years experience with OpenStack Former

376 views • 36 slides
Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016

Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016

Build your own Web Portal using OpenStack APIs and Services OpenStack Summit in Austin 2016 April 27, 2016 IBM Japan Systems Engineering Co.,Ltd. Machi Hoshino OpenStack Summit in Austin 2016 Outline Introduction What is OpenStack

685 views • 42 slides
GPU on OpenStack Masafumi Ohta @masafumiohta Who am I > Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I > Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I > Working for System Integrator as Pre-Sales Engineer. Working on some OpenStack PoC projects. Proposing OpenStack system to a manufacturer Investigating OpenStack issues reading some

580 views • 32 slides
Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release

Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release

Coordination and Leadership challenges in producing OpenStack Thierry Carrez (@tcarrez) Release management PTL OpenStack is large & growing 130 git repositories 1.8+ MLOC Stats by OpenStack is complex OpenStack is painful

597 views • 30 slides
Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez)

Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez)

Preventing craziness A deep dive into OpenStack testing automation Thierry Carrez (@tcarrez) Release manager, OpenStack OpenStack is large & growing 95+ code repositories 1.9+ MLOC Stats by OpenStack is complex 9 integrated

497 views • 48 slides
OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the

OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the

May 2018 OpenStack Charms Project Update, OpenStack Summit Vancouver James Page (jamespage) What are the OpenStack Charms? commit 4b30ccbd044be76be66c1bb6f9669dba352147b6 Author: Adam Gandelman <adamg@canonical.com> Date: Tue Jul 5

403 views • 19 slides
OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers

OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers

OpenStack Hackathon Rio de Janeiro, Brazil - 2017 OpenStack Hackathons Help app developers build knowledge and skill for cloud-native applications Develop new relationships and discover new talent in your local community Practice

964 views • 22 slides
OpenStack and OVN Whats New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant

OpenStack and OVN Whats New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant

OpenStack and OVN Whats New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant (@russellbryant) Justin Pettit (@Justin_D_Pettit) Ben Pfaff (@Ben_Pfaff) Virtual Networking Overview Provides a logical network abstraction on top of a

660 views • 26 slides
Painless Applica,on Security Les Hazlewood Apache Shiro Project

Painless Applica,on Security Les Hazlewood Apache Shiro Project

Painless Applica,on Security Les Hazlewood Apache Shiro Project Chair CTO, Kataso5 Inc / CloudDirectory What is Apache Shiro? Applica>on security

628 views • 43 slides
Security Essentials for IoT Product Developers Intel Global IoT DevFest 2017 Louis Parks, CEO

Security Essentials for IoT Product Developers Intel Global IoT DevFest 2017 Louis Parks, CEO

11/7/2017 Security Essentials for IoT Product Developers Intel Global IoT DevFest 2017 Louis Parks, CEO LParks@SecureRF.com Derek Atkins, CTO Datkins@SecureRF.com Authentication and Data Protection For the Smallest Internet of Things

430 views • 16 slides
BAE Systems Proposed Acquisitions of: Collins Aerospaces Military Global Positioning Systems

BAE Systems Proposed Acquisitions of: Collins Aerospaces Military Global Positioning Systems

1 BAE Systems Proposed Acquisitions of: Collins Aerospaces Military Global Positioning Systems business GPS Business and Raytheons Airborne Tactical Radios business Radios Business 20 January 2020 Beta SENSITIVE 2

162 views • 14 slides
PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

RSA LABS PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A credential management service that allows individuals and employees to securely and seamlessly access any app from any device. 2 RHAPSODY

239 views • 9 slides
Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford DEcentralized and DIstributed Systems Goal Anonymity Accountability Usability 2 Ring Signature Anonymous Spontaneous 3 Linkable Ring

372 views • 24 slides
Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian Pape Dortmund Technical University March 5th, 2014 Financial Cryptography and Data Security 2014 Sebastian Pape Sample or Random Security March

541 views • 25 slides
Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58 Our

1.39k views • 82 slides
ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :) CRYPTOGRAPHY? Blowfish Twofish Rabbit Salsa20 AES OFB

1.03k views • 69 slides

More recommend