Reset established vnc connections

Registered by Loganathan Parthipan on 2013-07-13

Currently a vnc console access token provides unlimited time access to the VM once a connection is established. While the token validity period can be controlled, an established connection cannot be torn without altering either vm state or proxy service.

This has security implications. Suppose a token leaks to an adversary, by means of active snooping or human carelessness, and the adversary makes a connection, she can then passively watch the VM console and gather sufficient information to get an ssh connection. While it is difficult to prevent user errors, Nova can help an alerted user by providing a safety abort mechanism. The aim of this blueprint is to provide such a mechanism to a user to reset all established vnc connections to a given VM.

Blueprint information

Status:
Not started
Approver:
Russell Bryant
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Review
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

No work has happened, no milestone targeted, need better spec of a solution, resetting --johnthetubaguy

I don't have time to work on this at the moment. I'll get back to it later, but meanwhile, if anyone's interested please pick it up. Thanks.

Unapproved - please re-submit via nova-spec --johnthetubagy (20th March 2014)

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.