OpenStack Compute (nova)

Build trusted computing pool using H/W security feature, such as Intel TXT.

Registered by Jun Nakajima on 2010-10-29

The feature will allow one to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the hosting provider and users can ensure that verified measurement of software be running in the cloud. Such remote attestation services can be developed by using SDK that we plan to provide. Policy-based scheduling will be used to find "trusted" nodes.

Blueprint information

Status:: Complete

Approver:: Rick Clark

Priority:: Undefined

Drafter:: Jun Nakajima

Direction:: Needs approval

Assignee:: Jun Nakajima

Definition:: Obsolete

Series goal:: None

Implementation:: Deferred

Milestone target:: None

Completed by: Vish Ishaya on 2012-05-17

Related branches

Related bugs

Sprints

ods-b

Whiteboard

We have POC/demo systems.

The SDK will include API spec, sample code, source code of remote attestation services, and documentation. The developers can select and modify the implementation of the remote attestation, based on their needs accordingly.

We are working on a blueprint for policy based scheduling that comprehends "trusted" servers as one of the scheduling policies.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Andy Edmonds

Anil S Keshavamurthy

Anthony Liguori

Dan Mihai Dumitriu

Ewan Mellor

Hisaki Ohara

Masanori Itoh

Ram Durairaj