Building an OpenStack Security Group

OpenStack Summit, Fall 2012. As OpenStack continues to mature, it is increasingly important for the community to be proactive in improving security. The OpenStack Security Group (OSSG) is a new effort led by Nebula and HP to bring together security professionals who can work to address this need. Our goal is to create a group that complements the Vulnerability Management Team by working to improve the security in each project's software architecture, contributing software to address security-relevant blueprints and bugs, and providing cross-project security assessments. This talk will introduce the OSSG and describe some of our early success stories, while starting a conversation about the best path forward for OpenStack security. https://www.openstack.org/summit/san-diego-2012/openstack-summit-sessions/presentation/building-an-openstack-security-group

Bryan Payne

October 18, 2012

Transcript

  1. • Alarm system?
     • Bars on the windows?
     • Dog?
     • Security Cameras?
     • Move?
     10/17/12
  6. Computer Security: What We Know
     Better | Worse
     Design for security from the start | Retrofit security when it’s important
     Understand your threats | Just make it secure
     Understand your goals | Seriously, just add some security
     Pervasive security culture | That paranoid guy has it under control
  7. Current Approach
     • Vulnerability Management Team
     • People starting to think about security
  8. OpenStack Security Challenges
     • Security as an afterthought
     • Security as silos
     • Security by non-experts
  9. OpenStack Security Group (OSSG)
     • Security expert resource for OS
     • Build security culture within OS community
  10. OSSG Details
     • Place at least one security engineer on each core project
       – Code review
       – Implement blueprints
       – Design blueprints
     • Have at least one person working cross project
       – Write technical documentation
       – Integrating security into continuous integration
       – Identify cross project security concerns
     • Mailing list to have security discussions
  11. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Observations from Summit 2012
  12. OSSG Next Steps
     • Will require community-level involvement
     • Now “hiring” for OSSG!!
       – Security Engineers
       – Technical Writers
       – OpenStack Deployment Expertise