
openstack team mailing list archive

Re: Using openstack to manage dedicated servers in a service provider setting

 

I'll just use full server sized VMs made of KVM & disclose in my product
detail page that the dedicated servers are comprised of this design to
mitigate the attack vector we're speaking of.

-----Original Message-----
From: Openstack
[mailto:openstack-bounces+chris=christopherbartels.com@xxxxxxxxxxxxxxxxxxx]
On Behalf Of Robert Collins
Sent: Monday, May 27, 2013 2:37 PM
To: Jeremy Stanley
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Using openstack to manage dedicated servers in a
service provider setting

On 28 May 2013 01:23, Jeremy Stanley <fungi@xxxxxxxxxxx> wrote:

> Note that this is a not-often-talked-about security risk throughout 
> the industry, it's not just an OpenStack baremetal issue.

Indeed! However while it was obscure, esoteric and largely unknown 20 years
ago, it's now part of the standard risk profile from a security perspective
- it's precisely what UEFI secure boot targets... The current bleeding edge
of attacks is factory compromised bus devices, with stock firmware having a
hostile mode that isn't even compromised, but is built-in. *That* I'm
willing to ignore for now :). Well, other than buying good hardware :).

> Many (most? all?) data center hosting companies reuse servers between 
> short-term dedicated hardware tenants without doing much more than a 
> disk wipe and typical BIOS upgrade. For that matter, there's a similar 
> risk when purchasing used or refurbished hardware... or even new 
> hardware, depending on how much you trust the procurement chain (but 
> in that case there's at least readily available legal recourse if you 
> find out the manufacturer/distributor/carrier intentionally engaged in 
> compromising the hardware).

Yup :).

> Some companies are aware of these possibilities and may have simply 
> decided their risk analysis shows it's not worth mitigating in their 
> situations, but many are not aware that this attack surface even 
> exists to begin with. Now, whether you can trust that the computer 
> manufacturing and software industries can solve this problem (Trusted 
> Computing and so on) is another question entirely.

Yeah :(. It's not clear that adding a whole new OS to the boot process is
the right answer, but it's the only one with widespread adoption so far.

-Rob
--
Robert Collins <rbtcollins@xxxxxx>
Distinguished Technologist
HP Cloud Services
