cfn/cfn-security
Code Issues Proposed changes
8590ea5f38
cfn-security/sub-group-introduction.md
luli abc3484442 add introduction 
Change-Id: I2bd842c8249bbd932e87cf26dfa2ed6cac0c633b
2024-06-04 17:54:51 +08:00

2.8 KiB
Raw Blame History

CFN-Security Sub-group Introduction

Project Facts

Project Creation Date: 2024/04/25

Primary Contact: Li Lu & luli@chinamobile.com

Project Lead: Huizheng Geng&genghuizheng@chinamobile.com

Committers: Jing Cao& caojing1@caict.ac.cn, Longhai Zhu&zhulh@siwei.com, Tingting Yang&yangtingting@chinamobile.com, Yu Wang&wangyuyjy@chinamobile.com, Yingqing Liu&liuyingqing@chinamobile.com@chinamobile.com, Li Lu&luli@chinamobile.com,PengLin Yang&yangpenglin@hygon.cn

Mailing List: computing-force-network@lists.opendev.org

Meetings: Use bi-weekly meeting of CFN WG

Repository: https://opendev.org/cfn/cfn-security 

StoryBoard: https://storyboard.openstack.org/#!/project/cfn/cfn-security

Open Bugs: TBD

Introduction

CFN deeply integrates cloud computing, network and other technologies, can provide ubiquitous computing power and realize the optimal allocation of resources. CFN provides a powerful infrastructure for data processing and computing. However, due to the special architecture and idea of CFN, CFN itself and the services running in CFN may face certain security problems, and it is necessary to explore security solutions. Some security risks and considerations are listed below. Security levels are different among computing nodes in CFN, risks of data leakage and data tempering are high on low security computing nodes, so it is necessary to introduce mechanisms of secure computing and storage to keep data security. Service data may be delivered to multiple nodes and it is difficult to locate the data leakage point and responsibility, so introducing the mechanism of data flow security is necessary. Many dynamic connections of node to node across systems and domains will be established, which provides more attack paths to network attackers and increase risks for computing nodes, so it is necessary to introduce special security consideration for network resources and computing resources. CFN security subgroup is committed to provide security solutions or security suggestions according to the possible security risks of the CFN itself and the services in CFN. Main jobs include: 1 Research on security functions that CFN should support and the security suggestions for each component of CFN. 2 Analyzes the security risks of computing or storage services in CFN, and proposes solutions.
3 Studies new security technologies that can be applied to CFN, and proposes the application methods of the technologies in CFN. *

Documentation & Training

None

Release Planning & Release Notes

1 CFN security risks and security control suggestions v1.0 2 CFN secure storage solution based on white-box cryptography v1.0

Before filling this part, please plan your tasks in StoryBoard at https://storyboard.openstack.org/#!/project_group/computing-force-network

Previous Releases

None