Sentry
Sentry is an OpenStack internal tool which provides host security attestation in order to prove if the host can be trusted or not.
We assume that some hosts in our cluster have TPM for the secure generation of cryptographic keys, a random number generator, data encrypting, remote attestation, etc.
The main use case: A user wants to boot his instances only on trusted hosts. If the host stops to be trusted, it is excluded out of trusted hosts’ pool and no one service can get an access to it.
General Design:
Sentry consists of the following parts. Attestation service is working on a Balancer node. Agents are working on every host in a cluster. Once in some amount of time (for example, 5 sec) an attestation service sends a request to an attestation agent to receive a special secure information about agent's host. The agent responses information about the host state, then the attestation service checks this information with the measured one in service’s data base and return a result to a security controller. Security controller acts depending on this result.
If everything is ok, the host stays in a trusted hosts pool. If not, the host is isolated from a whole system using network and neither services can get access to it, nor it itself can send requests. All requests and responses (including REST, AMQP, SQL, etc.) go through Sentry node.
General architecture is shown here https:/
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
--