From 003980f9f02b0159f12e7d182094fac08c630133 Mon Sep 17 00:00:00 2001 From: Rhys Oxenham Date: Mon, 16 Dec 2013 00:02:24 +0000 Subject: [PATCH] Modify the Case Study name to represent content The case studies in the Security Guide are all provided with a basic chapter title of "Case Study". There's no clarity as to which chapter they represent. For readability and usability this should be updated so that both the index and document content are accurate. Change-Id: Id27f8512c26189ce9e2edbf6f605692e581bcddc Closes-Bug: 1248918 --- doc/security-guide/ch009_case-studies.xml | 2 +- doc/security-guide/ch015_case-studies-management.xml | 2 +- doc/security-guide/ch018_case-studies-pkissl.xml | 2 +- doc/security-guide/ch022_case-studies-api-endpoints.xml | 2 +- doc/security-guide/ch028_case-studies-identity-management.xml | 2 +- doc/security-guide/ch035_case-studies-networking.xml | 2 +- doc/security-guide/ch039_case-studies-messaging.xml | 2 +- doc/security-guide/ch044_case-studies-database.xml | 2 +- doc/security-guide/ch049_case-studies-tenant-data.xml | 2 +- doc/security-guide/ch053_case-studies-instance-isolation.xml | 2 +- doc/security-guide/ch056_case-studies-instance-management.xml | 2 +- doc/security-guide/ch059_case-studies-monitoring-logging.xml | 2 +- doc/security-guide/ch066_case-studies-compliance.xml | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/doc/security-guide/ch009_case-studies.xml b/doc/security-guide/ch009_case-studies.xml index 549c9f3a37..b82386394b 100644 --- a/doc/security-guide/ch009_case-studies.xml +++ b/doc/security-guide/ch009_case-studies.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: System Documentation In this case study we discuss how Alice and Bob would address their system documentation requirements. The documentation suggested above includes hardware and software records, network diagrams, and system configuration details.
Alice's Private Cloud diff --git a/doc/security-guide/ch015_case-studies-management.xml b/doc/security-guide/ch015_case-studies-management.xml index aa81496977..c58b80f3ff 100644 --- a/doc/security-guide/ch015_case-studies-management.xml +++ b/doc/security-guide/ch015_case-studies-management.xml @@ -6,7 +6,7 @@ version="5.0" xml:id="ch015_case-studies-management"> - Case Studies + Case Studies: Management Interfaces Previously we discussed typical OpenStack management interfaces and associated backplane issues. We will now approach these issues by returning to our Alice and Bob case study. diff --git a/doc/security-guide/ch018_case-studies-pkissl.xml b/doc/security-guide/ch018_case-studies-pkissl.xml index cc167dd293..38ca4c563b 100644 --- a/doc/security-guide/ch018_case-studies-pkissl.xml +++ b/doc/security-guide/ch018_case-studies-pkissl.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: PKI and Certificate Management In this case study we discuss how Alice and Bob would address deployment of PKI certification authorities (CA) and certificate management.
Alice's Private Cloud diff --git a/doc/security-guide/ch022_case-studies-api-endpoints.xml b/doc/security-guide/ch022_case-studies-api-endpoints.xml index a8e7804ed7..fb69127e61 100644 --- a/doc/security-guide/ch022_case-studies-api-endpoints.xml +++ b/doc/security-guide/ch022_case-studies-api-endpoints.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: API Endpoints In this case study we discuss how Alice and Bob would address endpoint configuration to secure their private and public clouds. Alice's cloud is not publicly accessible, but she is still concerned about securing the endpoints against improper use.  Bob's cloud, being public, must take measures to reduce the risk of attacks by external adversaries.
Alice's Private Cloud diff --git a/doc/security-guide/ch028_case-studies-identity-management.xml b/doc/security-guide/ch028_case-studies-identity-management.xml index 41bc0febb3..9d8deb30f9 100644 --- a/doc/security-guide/ch028_case-studies-identity-management.xml +++ b/doc/security-guide/ch028_case-studies-identity-management.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Identity Management In this case study we discuss how Alice and Bob would address configuration of OpenStack core services. These include the Keystone Identity service, Dashboard, and Compute services. Alice will be concerned with integration into the existing government directory services, while Bob will need to provide access to the public.
Alice's Private Cloud diff --git a/doc/security-guide/ch035_case-studies-networking.xml b/doc/security-guide/ch035_case-studies-networking.xml index f8ac49c72a..1144aa2ca9 100644 --- a/doc/security-guide/ch035_case-studies-networking.xml +++ b/doc/security-guide/ch035_case-studies-networking.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Networking In this case study we discuss how Alice and Bob would address providing networking services to the user.
Alice's Private Cloud diff --git a/doc/security-guide/ch039_case-studies-messaging.xml b/doc/security-guide/ch039_case-studies-messaging.xml index 0f2fd8a876..8144af793c 100644 --- a/doc/security-guide/ch039_case-studies-messaging.xml +++ b/doc/security-guide/ch039_case-studies-messaging.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Messaging The message queue is a critical piece of infrastructure that supports a number of OpenStack services but is most strongly associated with the Compute service. Due to the nature of the message queue service, Alice and Bob have similar security concerns. One of the larger concerns that remains is that many systems have access to this queue and there is no way for a consumer of the queue messages to verify which host or service placed the messages on the queue. An attacker who is able to successfully place messages on the queue is able to create and delete VM instances, attach the block storage of any tenant and a myriad of other malicious actions. There are a number of solutions on the horizon to fix this, with several proposals for message signing and encryption making their way through the OpenStack development process.
Alice's Private Cloud diff --git a/doc/security-guide/ch044_case-studies-database.xml b/doc/security-guide/ch044_case-studies-database.xml index 927879c0c9..91977290b0 100644 --- a/doc/security-guide/ch044_case-studies-database.xml +++ b/doc/security-guide/ch044_case-studies-database.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Database In this case study we discuss how Alice and Bob would address database selection and configuration for their respective private and public clouds.
Alice's Private Cloud diff --git a/doc/security-guide/ch049_case-studies-tenant-data.xml b/doc/security-guide/ch049_case-studies-tenant-data.xml index 378c13e93d..6b1321b46f 100644 --- a/doc/security-guide/ch049_case-studies-tenant-data.xml +++ b/doc/security-guide/ch049_case-studies-tenant-data.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Tenant Data Returning to Alice and Bob, we will use this section to dive into their particular tenant data privacy requirements. Specifically, we will look into how Alice and Bob both handle tenant data, data destruction, and data encryption.
Alice's Private Cloud diff --git a/doc/security-guide/ch053_case-studies-instance-isolation.xml b/doc/security-guide/ch053_case-studies-instance-isolation.xml index cc50cd9148..915c964d69 100644 --- a/doc/security-guide/ch053_case-studies-instance-isolation.xml +++ b/doc/security-guide/ch053_case-studies-instance-isolation.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Instance Isolation In this case study we discuss how Alice and Bob would ensure that  their instances are properly isolated. First we consider hypervisor selection, and then techniques for hardening QEMU and applying mandatory access controls.
Alice's Private Cloud diff --git a/doc/security-guide/ch056_case-studies-instance-management.xml b/doc/security-guide/ch056_case-studies-instance-management.xml index a38e4d56b9..47444480e0 100644 --- a/doc/security-guide/ch056_case-studies-instance-management.xml +++ b/doc/security-guide/ch056_case-studies-instance-management.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Instance Management In this case study we discuss how Alice and Bob would architect their clouds with respect to instance entropy, scheduling instances, trusted images, and instance migrations.
Alice's Private Cloud diff --git a/doc/security-guide/ch059_case-studies-monitoring-logging.xml b/doc/security-guide/ch059_case-studies-monitoring-logging.xml index 1ba583b77b..1764384795 100644 --- a/doc/security-guide/ch059_case-studies-monitoring-logging.xml +++ b/doc/security-guide/ch059_case-studies-monitoring-logging.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Monitoring and Logging In this case study we discuss how Alice and Bob would address monitoring and logging in the public vs a private cloud. In both instances, time synchronization and a centralized store of logs become extremely important for performing proper assessments and troubleshooting of anomalies. Just collecting logs is not very useful, a robust monitoring system must be built to generate actionable events.
Alice's Private Cloud diff --git a/doc/security-guide/ch066_case-studies-compliance.xml b/doc/security-guide/ch066_case-studies-compliance.xml index 26cb5abea1..4023721588 100644 --- a/doc/security-guide/ch066_case-studies-compliance.xml +++ b/doc/security-guide/ch066_case-studies-compliance.xml @@ -1,6 +1,6 @@ - Case Studies + Case Studies: Compliance In this case study we discuss how Alice and Bob would address common compliance requirements. The preceding chapter refers to a wide variety of compliance certifications and standards. Alice will address compliance in a private cloud, while Bob will be focused on compliance for a public cloud.
Alice's Private Cloud