Added notes for swift, and edited existing cinder notes.

Change-Id: I7c5671caafd65d5c56301eaca0bd2c1bacbb9f79
philip williams
2015-12-15 11:26:35 +00:00
parent 33e9ce539e
commit eed00b2b9e


@@ -3,44 +3,46 @@ Encrypted Storage
*Problem description* *Problem description*
--------------------- ---------------------
Each enterprise has its own data classification strategy. The types of data Enterprises typically have their own data classification strategies. The types
include: financial data, personal data, health data, confidential business of data stored typically include (but are not limited to): financial, personal,
data, etc. Some enterprise (especially in banking, finance and insurance health, and confidential business data. Some enterprises (especially finance and
industry) has stringent data requirements in order to be compliant with laws health care industries) have stringent data requirements in order to be
and regulations. For example, PCI DSS Requirement 3.4 states that credit card compliant with regional law and regulations.
personal account number must be rendered unreadable anywhere it is stored
(including portable digital media, backup media and logs). Applications For example, PCI DSS Requirement 3.4 states that credit card payment details must
(including database) that interact with these classes of information need to be be rendered unreadable anywhere they are persistently stored (including portable
able to specify encrypted storage requirements when the application is launched digital media, backup media and logs). Applications (including database
and interacts with some of these classes. The data must be encrypted in motion back-ends) that interact with these classes of data need to be able to specify
as well as at rest. The application should not require admin privileges to encrypted storage requirements when an application is launched and interacts with
access encrypted storage. some of these data classes. The data must be encrypted both in flight as well as
at rest. The application should not require administrative privileges to specify
In addition, proper key management process need to be in place. The keys used or access encrypted storage.
to encrypt/decrypt the data must be changed on a regular basis and the access
of keys are restricted to authorized personnel only. In addition, proper key management processes need to be in place. The keys used
to encrypt/decrypt the data must be rotated on a regular basis and the access of
keys are restricted to authorized personnel only.
User Stories User Stories
------------ ------------
* As the Enterprise IT Manager, I must ensure the appropriate security for the HR * As the Enterprise IT Manager, I must ensure the appropriate security for the
department database with employee records that services several department HR Department database containing employee records that services several
applications. I would like to move the database into our companies private cloud applications. I would like to migrate the database into our company's
so I dont need to maintain the system it currently lives on. However, because of OpenStack private cloud so that I do not need to maintain the system it
the critical nature of the information in the database our company policy does currently resides on. However, because of the sensitive nature of the
not allow this information to reside on any shared system in an unencrypted information in the database our company policy does not allow this
state. To be able to move the database into the private cloud I need to ensure information to reside on any shared system in an unencrypted form. To be able
that the stored data and all data in transit from/to the VM will be encrypted. to move the database into the private cloud I need to ensure that the
While the HR Department would love to have improved uptime for their database, persistently stored data and all data in flight to/from the instance is
they are used to having to manually restart/reboot as needed and can live with encrypted. While the HR Department would like to have improved uptime for
this in the cloud as well. their database, they are used to having to manually restart/reboot as needed
and can live with this in the cloud as well.
* I am the Enterprise IT manager for an insurance company. My company maintains a * I am the Enterprise IT manager for an insurance company. My company
database with insurers credit card records for annual renewal purpose. Our maintains a database with insurers credit card records for annual renewal
company would like to move the database into our OpenStack private cloud. In purposes. Our company would like to move the database into our OpenStack
order to comply with company security policy, government laws and financial private cloud. In order to comply with company data classification policy,
regulations, I need to ensure that information stored in the private cloud government law and financial regulations, I need to ensure that information
(including backup) is encrypted, and the keys used to encrypt the data are stored in the private cloud (including backups) is encrypted in flight and
rotated/changed annually. at rest, and that keys used to encrypt the data are rotated annually.
Usage Scenarios Examples Usage Scenarios Examples
------------------------ ------------------------
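Review bot: In the rewritten PCI DSS sentence, "credit card payment details" is looser than what Requirement 3.4 covers, which is the primary account number (PAN); suggest "the primary account number (PAN) must be rendered unreadable anywhere it is stored". In the key management paragraph, "rotated on a regular basis" leaves the interval open while the second user story says annually, so say whether the interval is set by policy. Wording: "both in flight as well as at rest" should be "both in flight and at rest", and "the access of keys are restricted" should be "access to keys must be restricted".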
@@ -57,37 +59,51 @@ Related User Stories
*Requirements* *Requirements*
-------------- --------------
* A block & object storage option that includes encryption / decryption at the VM
source. * A block & object storage solution that enables encryption/decryption at the
* A method for the application to specify that it requires a block storage instance source
system that includes encryption / decryption at the VM source. * A block & object storage solution that enables encryption/decryption for
data at rest
* A method for the application to specify that it requires a block storage
system that includes encryption/decryption at the instance
* A method for rotating the key used to encrypt/decrypt the data after a
specific period of time
* OpenStack services to enforce the storage requirements for the application * OpenStack services to enforce the storage requirements for the application
* A method for changing the key used to encrypt/decrypt the data after a specific * The application needs to be able to specify that it requires an encrypted
period of time. storage system that supports either or both encryption/decryption at the
*The database application needs to be able to specify that it needs an encrypted instance, in addition to at rest.
storage system that supports encryption / decryption at the VM source, in
addition to at rest.
*The storage system must be able to handle both Reads/Writes of persistent
encrypted block storage in excess of 1TB device to be backed up nightly.
*Gaps* *Gaps*
------ ------
**Cinder issues:** **Cinder issues:**
* The basic storage encryption functionality looks like it may exist, but * The storage encryption functionality exists, but requires admin status.
requires admin status. Creating encrypted volumes should not require admin Creating encrypted volumes should not require admin status.
status. * Encryption keys are set at creation time, however it is not clear how to
rotate the key(s), once a volume is in use. Rotating keys is a requirement of
many data storage standards.
**Swift issues:**
* At present an application is responsible for encrypting Objects prior to
calling a PUT operation, swift will store any object that is in the PUT
request. Swift should reject object PUTs that are tagged to be encrypted by
the application.
* Development of a data at rest solution is currently under development,
however, this does not solve for in flight data.
*Affected By* *Affected By*
------------- -------------
At the Hong kong summit there was a talk on barbican/cinder/nova for this type of
functionality. Dont know if it was successfully integrated into OpenStack yet.
https://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/p
resentation/encrypted-block-storage-technical-walkthrough
* There is a spec located at: https://wiki.openstack.org/wiki/VolumeEncryption * At the Hong Kong summit there was `a talk`_ on barbican/cinder/nova for this
for some early work and the current documentation is located at: type of functionality. Dont know if it was successfully integrated into
http://docs.openstack.org/juno/config-reference/content/section_create-encrypted- OpenStack yet.
volume-type.html where it implies that admin privilege is required. * There is a `volume encryption spec`_ for some early work and the
`current documentation`_ implies that admin privilege is required.
* There is an `object encryption spec`_ which documents the approach for object
encryption (at rest).
*External References* *External References*
--------------------- ---------------------
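Review bot: In the new Swift issues list, "Swift should reject object PUTs that are tagged to be encrypted by the application" reads as if Swift should refuse objects the application has encrypted, which is the opposite of the stated goal; reword it to say which PUTs are rejected (for example, objects marked as requiring encryption that arrive unencrypted) and how Swift is expected to tell. The requirement about reads/writes of encrypted block storage in excess of 1TB with nightly backup is dropped with no replacement and no mention in the commit message; restore it or explain the removal. "Development of a data at rest solution is currently under development" is redundant, and "Dont know if it was successfully integrated into OpenStack yet" in Affected By should be resolved or removed rather than carried into the new bullet.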
@@ -95,4 +111,10 @@ None.
Glossary Glossary
-------- --------
None. * Data in Flight - Data in transit between an instance and storage system
* Data at Rest - Data stored persistently on a storage system
.. _a talk: https://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/encrypted-block-storage-technical-walkthrough
.. _current documentation: http://docs.openstack.org/liberty/config-reference/content/section_create-encrypted-volume-type.html
.. _volume encryption spec: https://wiki.openstack.org/wiki/VolumeEncryption
.. _object encryption spec: https://wiki.openstack.org/wiki/ObjectEncryption
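Review bot: The "Data in Flight" glossary entry limits the term to traffic between an instance and the storage system, while the first user story in this change asks for "all data in flight to/from the instance" to be encrypted, which is broader; align the definition and the user story so the requirement can be checked. The `current documentation` target is pinned to the liberty release and uses http, so it will drift from what later releases require; consider noting the release in the link text.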