openstack/openstack-manuals
Code Issues Proposed changes
eb6a27bdc4
openstack-manuals/doc/security-guide/ch053_case-studies-instance-isolation.xml
Rhys Oxenham 003980f9f0 Modify the Case Study name to represent content 
The case studies in the Security Guide are all provided with
a basic chapter title of "Case Study". There's no clarity as
to which chapter they represent. For readability and usability
this should be updated so that both the index and document
content are accurate.

Change-Id: Id27f8512c26189ce9e2edbf6f605692e581bcddc
Closes-Bug: 1248918
2013-12-16 00:02:24 +00:00

17 lines
2.7 KiB
XML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook" xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="ch053_case-studies-instance-isolation"><?dbhtml stop-chunking?>
<title>Case Studies: Instance Isolation</title>
<para>In this case study we discuss how Alice and Bob would ensure that  their instances are properly isolated. First we consider hypervisor selection, and then techniques for hardening QEMU and applying mandatory access controls.</para>
<section xml:id="ch053_case-studies-instance-isolation-idp480000">
<title>Alice's Private Cloud</title>
<para>Alice chooses Xen for the hypervisor in her cloud due to a strong internal knowledge base and a desire to use the Xen security modules (XSM) for fine-grained policy enforcement.</para>
<para>Alice is willing to apply a relatively large amount of resources to software packaging and maintenance. She will use these resources to build a highly customized version of QEMU that has many components removed, thereby reducing the attack surface. She will also ensure that all compiler hardening options are enabled for QEMU. Alice accepts that these decisions will increase long-term maintenance costs.</para>
<para>Alice writes XSM policies (for Xen) and SELinux policies (for Linux domain 0, and device domains) to provide stronger isolation between the instances. Alice also uses the Intel TXT support in Xen to measure the hypervisor launch in the TPM.</para>
</section>
<section xml:id="ch053_case-studies-instance-isolation-idp482832">
<title>Bob's Public Cloud</title>
<para>Bob is very concerned about instance isolation since the users in a public cloud represent anyone with a credit card, meaning they are inherently untrusted. Bob has just started hiring the team that will deploy the cloud, so he can tailor his candidate search for specific areas of expertise. With this in mind, Bob chooses a hypervisor based on its technical features, certifications, and community support. KVM has an EAL 4+ common criteria rating, with a layered security protection profile (LSPP) to provide added assurance for instance isolation. This, combined with the strong support for KVM within the OpenStack community drives Bob's decision to use KVM.</para>
<para>Bob weighs the added cost of repackaging QEMU and decides that he cannot commit those resources to the project. Fortunately, his Linux distribution has already enabled the compiler hardening options. So he decides to use this QEMU package. Finally, Bob leverages sVirt to manage the SELinux polices associated with the virtualization stack.</para>
</section>
</chapter>
View Git Blame Copy Permalink