OpenStack Summit May 2014 Atlanta

Originally organized in Fall 2012, the OpenStack Security Group (OSSG) now fills many critical security roles within the OpenStack Community. From assisting the Vulnerability Management Team (VMT) to consulting with projects about security best practices and testing technique, the OSSG has kept very busy. This talk will highlight the group’s recent work and set the direction for future work. Anyone interested in OpenStack security should attend.

Come to learn about all of the interesting work happening in OSSG. Here’s a sampling of what we will discuss:

• OpenStack Security Notes (OSSNs)
• OpenStack Security Guide
• Invited security review of Ironic
• Security guidelines for projects
• Security testing

This session will bring the attendee up to date on the current state of the art in OpenStack Security. This talk will start with a high level state of the stack" that covers a review of the security enhancements between Havana and IceHouse as well as a review of current vulnerabilities, advisiories, and open issues. They will then discuss the results of an extensive root cause analysis which will discuss findings on how vulnerabilities happen in OpenStack, and how to make OpenStack a more secure, mature, platform for Enterprise.

Private clouds are much more than just a public cloud behind a firewall. Private clouds reach into the enterprise and have deep integration with key shared infrastructure that is external to the cloud such as LDAP, Storage, VLANs, DNS, NTP, etc. Furthermore, private clouds have a different threat profile. Users may be from the same organization, but insider attacks and targeted external attacks motivate unique security solutions.
This talk begins with a look at the different threats between public and private clouds, both technical and human. Then we will explore how these differences motivate different security solutions for private cloud deployments. This talk will cover both high level concepts and technical details, providing useful information for anyone interested in private cloud security.

Cloud computing provides obvious economic and manageability benefits. Unused resources in production environments can be used to deploy development instances. Public clouds mean we can avoid buying rooms full of mostly idle hardware just to cater for worst case scenarios. And, thanks to hypervisors imposing isolation between instances, this should all come at no cost to security.
But is that true? What happens if someone does break out of a guest? What damage can they do? How can we detect it? What's the absolutely worst case scenario? With increasing levels of concern over low-level system vulnerabilities, how can we reassure users that their cloud environments are secure?
This presentation will cover the various techniques and technologies required to build a truly trustworthy cloud, ranging from boot attestation to runtime introspection. It will also discuss techniques that attackers can potentially use to gain persistent access to systems, perhaps even over reinstallation.

A key feature of any Cloud infrastructure is to provide auditing capabilities for compliance with security, operational and business processes. In this talk we provide an overview of the recent enhancements made in OpenStack projects to support API and security auditing using the DMTF Cloud Auditing Data Federation (CADF) standard. We will describe how auditing is seamlessly enabled for Nova, Glance, Swift, Cinder, Neutron and Keystone and illustrate what is audited, where it is stored, what the records contain and how this supports compliance. We will finish by presenting some possible future directions such as extending the use of CADF beyond audit to facilitate event correlation and federation across multiple tiers.

This presentation will cover architectural and procedural security concepts within KeyStone, specifically Trusts or Delgations, AMQP Security with KeyStone and integration with a Corporate LDAP for single source of truth.

Given the distributed nature of OpenStack KeyStone plays a major role in binding all of the Projects together but not much is mentioned about how to do this with KeyStone or what the pitfalls and dangers of hooking up a centralized Security System to the rest of the cloud will be. Not only do you have to be wary of the services that connect to KeyStone but you also have to be cautious of the kinds of input and data you give to KeyStone from external sources.

The security and protection of the Identity and Token repository for OpenStack or other services needs to be the most protected component within your Cloud Infrastructure.

Today's corporate security groups are not staffed to handle the specialized skills needed to perform code analysis and security testing from OpenStack. This discussion will focus on three areas: 1. Who should be responsible for testing (hint: a specialized group of ninjas; 2. Automating API and Code testing w/demo; how this translates into better code in OpenStack.
There is a paradigm shift in how security testing is being conducted by software companies. The benefits of moving security testing away from an info-security" perspective will make security testing a repeatable process that is streamlined, more efficient, and more secure in OpenStack environment.
"

Architecting a standards compliant cloud can be difficult. There are emerging cloud specific security standards such as FedRAMP and CSA that should be considered in addition to existing NIST/ISO and PCI-DSS standards. OpenStack workflows and resources that exist today either fully or partially meet these common compliance requirements. We will discuss areas that need work and areas that appear to be in good shape.
The talk includes a study of PayPal’s experience in reviewing OpenStack security as relates to complying with PCI-DSS in their private cloud and existing data center environment. It dives into the many design decisions PayPal made within their environment considering whether to use physical versus logical devices, review hypervisor versus guest compliance, and whether to maintain separate management networks for PCI versus non-PCI traffic.

Security concerns remain a strong deterrent to enterprise acceptance of the cloud, especially with recent events illustrating the vulnerability of data in the cloud. As OpenStack-based clouds have been focused on providing the environment needed for elastic, on-demand multi-tenant applications, how security, isolation and policies are enforced has largely been unclear. This talk will explore the changing nature of the network as it transitions to new models more suited to the cloud with SDN, NFV and Virtual Network Infrastructure, and the inter-relationship between networking, and security and policy enforcement. It will explore why and how security and policy enforcement should be integrated into the networking design of OpenStack cloud environments.