Added notes for swift, and edited existing cinder notes.

Change-Id: I7c5671caafd65d5c56301eaca0bd2c1bacbb9f79
philip williams
2015-12-15 11:26:35 +00:00
parent 33e9ce539e
commit eed00b2b9e


@@ -3,44 +3,46 @@ Encrypted Storage
*Problem description*
---------------------
Each enterprise has its own data classification strategy. The types of data
include: financial data, personal data, health data, confidential business
data, etc. Some enterprise (especially in banking, finance and insurance
industry) has stringent data requirements in order to be compliant with laws
and regulations. For example, PCI DSS Requirement 3.4 states that credit card
personal account number must be rendered unreadable anywhere it is stored
(including portable digital media, backup media and logs). Applications
(including database) that interact with these classes of information need to be
able to specify encrypted storage requirements when the application is launched
and interacts with some of these classes. The data must be encrypted in motion
as well as at rest. The application should not require admin privileges to
access encrypted storage.
In addition, proper key management process need to be in place. The keys used
to encrypt/decrypt the data must be changed on a regular basis and the access
of keys are restricted to authorized personnel only.
Enterprises typically have their own data classification strategies. The types
of data stored typically include (but are not limited to): financial, personal,
health, and confidential business data. Some enterprises (especially finance and
health care industries) have stringent data requirements in order to be
compliant with regional law and regulations.
For example, PCI DSS Requirement 3.4 states that credit card payment details must
be rendered unreadable anywhere they are persistently stored (including portable
digital media, backup media and logs). Applications (including database
back-ends) that interact with these classes of data need to be able to specify
encrypted storage requirements when an application is launched and interacts with
some of these data classes. The data must be encrypted both in flight as well as
at rest. The application should not require administrative privileges to specify
or access encrypted storage.
In addition, proper key management processes need to be in place. The keys used
to encrypt/decrypt the data must be rotated on a regular basis and the access of
keys are restricted to authorized personnel only.
User Stories
------------
* As the Enterprise IT Manager, I must ensure the appropriate security for the HR
department database with employee records that services several department
applications. I would like to move the database into our companies private cloud
so I dont need to maintain the system it currently lives on. However, because of
the critical nature of the information in the database our company policy does
not allow this information to reside on any shared system in an unencrypted
state. To be able to move the database into the private cloud I need to ensure
that the stored data and all data in transit from/to the VM will be encrypted.
While the HR Department would love to have improved uptime for their database,
they are used to having to manually restart/reboot as needed and can live with
this in the cloud as well.
* I am the Enterprise IT manager for an insurance company. My company maintains a
database with insurers credit card records for annual renewal purpose. Our
company would like to move the database into our OpenStack private cloud. In
order to comply with company security policy, government laws and financial
regulations, I need to ensure that information stored in the private cloud
(including backup) is encrypted, and the keys used to encrypt the data are
rotated/changed annually.
* As the Enterprise IT Manager, I must ensure the appropriate security for the
HR Department database containing employee records that services several
applications. I would like to migrate the database into our company's
OpenStack private cloud so that I do not need to maintain the system it
currently resides on. However, because of the sensitive nature of the
information in the database our company policy does not allow this
information to reside on any shared system in an unencrypted form. To be able
to move the database into the private cloud I need to ensure that the
persistently stored data and all data in flight to/from the instance is
encrypted. While the HR Department would like to have improved uptime for
their database, they are used to having to manually restart/reboot as needed
and can live with this in the cloud as well.
* I am the Enterprise IT manager for an insurance company. My company
maintains a database with insurers credit card records for annual renewal
purposes. Our company would like to move the database into our OpenStack
private cloud. In order to comply with company data classification policy,
government law and financial regulations, I need to ensure that information
stored in the private cloud (including backups) is encrypted in flight and
at rest, and that keys used to encrypt the data are rotated annually.
Usage Scenarios Examples
------------------------
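Review bot: the rewritten PCI DSS sentence in the problem description loosens the standard's scope: Requirement 3.4 concerns the primary account number (PAN) specifically, which the earlier wording ("credit card personal account number") captured, whereas "credit card payment details" is vaguer; suggest "the primary account number (PAN) must be rendered unreadable anywhere it is stored". Two grammar points in the same hunk: "the access of keys are restricted" in the key-management paragraph should read "access to keys is restricted", and "insurers credit card records" in the second user story needs the possessive "insurers' credit card records".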
@@ -57,37 +59,51 @@ Related User Stories
*Requirements*
--------------
* A block & object storage option that includes encryption / decryption at the VM
source.
* A method for the application to specify that it requires a block storage
system that includes encryption / decryption at the VM source.
* A block & object storage solution that enables encryption/decryption at the
instance source
* A block & object storage solution that enables encryption/decryption for
data at rest
* A method for the application to specify that it requires a block storage
system that includes encryption/decryption at the instance
* A method for rotating the key used to encrypt/decrypt the data after a
specific period of time
* OpenStack services to enforce the storage requirements for the application
* A method for changing the key used to encrypt/decrypt the data after a specific
period of time.
*The database application needs to be able to specify that it needs an encrypted
storage system that supports encryption / decryption at the VM source, in
addition to at rest.
*The storage system must be able to handle both Reads/Writes of persistent
encrypted block storage in excess of 1TB device to be backed up nightly.
* The application needs to be able to specify that it requires an encrypted
storage system that supports either or both encryption/decryption at the
instance, in addition to at rest.
*Gaps*
------
**Cinder issues:**
* The basic storage encryption functionality looks like it may exist, but
requires admin status. Creating encrypted volumes should not require admin
status.
* The storage encryption functionality exists, but requires admin status.
Creating encrypted volumes should not require admin status.
* Encryption keys are set at creation time, however it is not clear how to
rotate the key(s), once a volume is in use. Rotating keys is a requirement of
many data storage standards.
**Swift issues:**
* At present an application is responsible for encrypting Objects prior to
calling a PUT operation, swift will store any object that is in the PUT
request. Swift should reject object PUTs that are tagged to be encrypted by
the application.
* Development of a data at rest solution is currently under development,
however, this does not solve for in flight data.
*Affected By*
-------------
At the Hong kong summit there was a talk on barbican/cinder/nova for this type of
functionality. Dont know if it was successfully integrated into OpenStack yet.
https://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/p
resentation/encrypted-block-storage-technical-walkthrough
* There is a spec located at: https://wiki.openstack.org/wiki/VolumeEncryption
for some early work and the current documentation is located at:
http://docs.openstack.org/juno/config-reference/content/section_create-encrypted-
volume-type.html where it implies that admin privilege is required.
* At the Hong Kong summit there was `a talk`_ on barbican/cinder/nova for this
type of functionality. Dont know if it was successfully integrated into
OpenStack yet.
* There is a `volume encryption spec`_ for some early work and the
`current documentation`_ implies that admin privilege is required.
* There is an `object encryption spec`_ which documents the approach for object
encryption (at rest).
*External References*
---------------------
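Review bot: the first Swift gap says Swift "should reject object PUTs that are tagged to be encrypted by the application", but nothing in the spec defines how an object would be tagged as requiring encryption, so the gap is not actionable as written; either name the intended mechanism (for instance a request metadata attribute, flagged as a proposal) or rephrase the gap as "there is no way for an application to declare that an object must be stored encrypted, so Swift cannot enforce such a requirement". The second Swift bullet reads "Development of a data at rest solution is currently under development"; drop one of the two "development"s. In the Affected By list, "Dont know" should be "Don't know", and the Cinder gaps say "admin status" while the documentation bullet says "admin privilege"; use one term throughout.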
@@ -95,4 +111,10 @@ None.
Glossary
--------
None.
* Data in Flight - Data in transit between an instance and storage system
* Data at Rest - Data stored persistently on a storage system
.. _a talk: https://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/encrypted-block-storage-technical-walkthrough
.. _current documentation: http://docs.openstack.org/liberty/config-reference/content/section_create-encrypted-volume-type.html
.. _volume encryption spec: https://wiki.openstack.org/wiki/VolumeEncryption
.. _object encryption spec: https://wiki.openstack.org/wiki/ObjectEncryption
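Review bot: the new glossary entry "Data in Flight - Data in transit between an instance and storage system" is narrower than the way the term is used in the user stories and requirements, which also cover data moving to and from backups; suggest "Data in transit between any two components, for example between an instance and a storage system, or between a storage system and backup media". The `current documentation` target now points at the liberty config reference rather than juno; since the Cinder gap cites that page as evidence that admin privilege is required, confirm the liberty page still states this, otherwise the gap text needs updating.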