PowerPoint Presentation

Image Security and What You Can Do About It28 October 2015Brianna PoulosBrianna.Poulos@jhuapl.edu

#Normal Glance Image Boot PathUserGlance Nova2. Store Image5. Verify Image MD5 Hash6. Boot Image1. Upload Image Data with Properties4. Return Image and Properties3. Request ImageDuring UploadB. During StorageC. During TransferVulnerabilities

#Signature Verification

SenderReceiverSenders Private KeySenders Public Key

#Glance Image Signature VerificationUserGlance NovaKey Manager1. Create Image2. Create Asymmetric Key-Pair3. Create Certificate4. Sign Image with Private Key 9. Verify Image Signature10. Store Image15. Validate Certificate16. Verify Image Signature17. Boot Image5. Store Public Key Certificate6. Upload Image Data with Signature Properties12. Return Image and Metadata11. Request Image and Metadata8. Return Public Key Certificate13. Request Public Key Certificate14. Return Public Key Certificate7. Request Public Key Certificate= Vulnerability Mitigated

#Demo IntroductionDemo ConfigurationDevstack with stable/liberty except for NovaNova has image signature verification modificationshttps://review.openstack.org/#/c/189843/ Barbican included

Demo Instructionshttps://etherpad.openstack.org/p/liberty-glance-image-signing-instructions

#

#

#

#

#

#

#

#

#

#

#

#

#

#

#

#

#

#Liberty(Mitaka)UserGlance NovaKey Manager1. Create Image2. Create Asymmetric Key-Pair3. Create Certificate4. Sign Image with Private Key 9. Verify Image Signature10. Store Image15. Validate Certificate16. Verify Image Signature17. Boot Image5. Store Public Key Certificate6. Upload Image Data with Signature Properties12. Return Image and Metadata11. Request Image and Metadata8. Return Public Key Certificate13. Request Public Key Certificate14. Return Public Key Certificate7. Request Public Key Certificate

#Next StepsGlanceConfigurable Hash Method for Glance checksumMD5 currently in useSupport for Multiple Types of SignaturesElliptic curveDSASignature LengthUpdate Glance property size limit to support larger signatures

#Next Steps (continued)NovaInitial Signature Verification with Global Configuration FlagCertificate ValidationCreating Signatures for Snapshots

HorizonSupport Signature Creation and Validation

#SummaryImage Signature Verification guarantees image has not been modified between upload and image boot

UserNovaUsers Private KeyUsers Public Key

#

#Demo OutlineShow Key Pair and CertificateStore Certificate in CastellanRetrieve ImageCreate MD5 Hash of Image DataCreate Signature of MD5 Hash with Private KeyUpload Image with Correct Signature PropertiesShow in Logs that Signature Verification SucceededShow Signature Metadata for Image in HorizonUpload Image with No Signature PropertiesShow No Signature Metadata for Image in HorizonUpload Image with Incorrect Signature PropertiesShow Nova Configuration FlagBoot Image with No Signature MetadataShow Failure in Logs for No Signature MetadataBoot Image with Correct Signature MetadataShow Success in Logs for Correct Signature Metadata

#Show Key Pair and Certificate

#Store Certificate in Castellan

#Retrieve Image

#Create MD5 Hash of Image Data

#Create Signature of MD5 Hash with Private Key

#Upload Image with Correct Signature Properties

#Show in Logs that Signature Verification Succeeded

#Show Signature Metadata for Image in Horizon

#Upload Image with No Signature Properties

#Show No Signature Metadata for Image in Horizon

#Upload Image with Incorrect Signature Properties

#Show Nova Configuration Flag

#Boot Image with No Signature Metadata

#

41

Show Failure in Logs for No Signature Metadata

#Boot Image with Correct Signature Metadata

#Show Success in Logs for Correct Signature Metadata

#