
Difference between revisions of "Hawthorn"

Line 56: Line 56:
  
 
==Initial Architecture==
 
==Initial Architecture==
[[File:Hawthorn Initial Architecture v0.png|thumb|Hawthorn Initial Architecture v0]]
+
[[File:Hawthorn Initial Architecture v0.png|300px|center|thumb|Hawthorn Initial Architecture v0]]
  
 
==Resources==
 
==Resources==
 
* Wiki : https://wiki.openstack.org/wiki/Hawthorn
 
* Wiki : https://wiki.openstack.org/wiki/Hawthorn
 
* Hawthorn project slides: https://docs.google.com/presentation/d/1MOvkqdYgoMDcf3B8Sb6Bx3qR6ZrBz-kJT7gpKUxudRc/edit?usp=sharing
 
* Hawthorn project slides: https://docs.google.com/presentation/d/1MOvkqdYgoMDcf3B8Sb6Bx3qR6ZrBz-kJT7gpKUxudRc/edit?usp=sharing

Revision as of 03:43, 30 September 2018

Hawthorn aims to provide a general, unified trust management framework for different trust formats (such as TPM, TCM and so on) in OpenStack.

Use Cases

A set of simple use cases are proposed here to help you understand the motivation of this project.

Scenario 1: Cloud computing

Use case 1: Trust computing pools

Enterprises and CSPs are creating private and public clouds which contain thousands of compute nodes across different regions. To ensure the trustworthiness of the running environment, cloud tenants would like their workloads to be deployed and launched only on trusted compute nodes.

Trust computing technology supports Trusted Boot and Remote Attestation, and it can inform cloud tenants which compute nodes are trusted to host their workloads. When requesting a virtual machine from the OpenStack dashboard, administrators or the application owner can specify that workloads only be executed on trusted hosts, in accordance with the cloud tenants' policy requirements.

Use case 2: Workload integrity and confidentiality

Scenario 2: Internet of things

Use case 1: Establishing and protecting device identity

Almost all IoT scenarios require reliable authentication of the devices in use, but unfortunately the Internet does not provide reliable endpoint authentication, so devices must identify themselves instead.

The trust computing technology provides symmetric-key encryption, HMAC, and asymmetric cryptography capabilities to protect cryptographic device identities that are robust in the face of malware attack.

Use case 2: Detecting malware infections

IoT devices should be able to resist malware infections, both volatile and persistent. In general, the detection and remediation of malware is a hard problem because malware seeks equivalent or higher privilege than the systems that are seeking to detect and isolate it.

The trust computing technology supports Trusted Boot and Remote Attestation, which can even detect changes to BIOS or other firmware.

Use case 3: Protecting computation from tampering

Malware frequently uses two techniques to insert itself into a target platform. One is to modify code in memory; the other is to modify files on disk.

Trust computing technology can produce, at any time and for any requesting entity, a digitally signed report of the hash measurements of important files and data. An external entity that holds the benchmark (known-good) measurements compares them against the signed report and determines whether the code on the device in question has changed.
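The measure-then-compare flow just described, as an added Python model that is not Hawthorn's code: a TPM-style PCR extend over a constructed boot event log, a nonce-bound quote, and a verifier that replays the log and checks each measurement against known-good values. The attestation key, the sample boot components and the use of HMAC in place of the TPM's asymmetric quote signature are assumptions made so that it runs offline with the standard library only.

```python
import hashlib
import hmac
# Constructed demo key; stands in for the device's attestation (signing) key.
ATTESTATION_KEY = b"constructed-demo-attestation-key"

def pcr_extend(pcr, measurement):
    """TPM-style extend: PCR' = H(PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components):
    """Device side: hash each boot component into the PCR and record an event log."""
    pcr, log = b"\x00" * 32, []
    for name, content in components:
        log.append({"name": name, "sha256": hashlib.sha256(content).hexdigest()})
        pcr = pcr_extend(pcr, content)
    return log, pcr

def quote(pcr, nonce):
    """Device side: signed report over PCR + verifier nonce (anti-replay). HMAC is an assumption standing in for the TPM's asymmetric quote signature."""
    sig = hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).hexdigest()
    return {"pcr": pcr.hex(), "nonce": nonce.hex(), "sig": sig}

def verify(report, log, nonce, golden):
    """Verifier side: check signature and nonce, replay the log against the quoted
    PCR, then compare each measurement with the known-good (golden) value."""
    pcr = bytes.fromhex(report["pcr"])
    expected = hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).hexdigest()
    if report["nonce"] != nonce.hex() or not hmac.compare_digest(expected, report["sig"]):
        return False, ["bad signature or nonce"]
    replayed = b"\x00" * 32
    for event in log:  # the log carries digests, so replay the extend with the digest
        replayed = hashlib.sha256(replayed + bytes.fromhex(event["sha256"])).digest()
    if replayed != pcr:
        return False, ["event log does not match quoted PCR"]
    changed = [e["name"] for e in log if golden.get(e["name"]) != e["sha256"]]
    return not changed, changed

# Constructed sample boot chain and the reference measurements an auditor would hold.
GOOD = [("bios", b"firmware v1"), ("bootloader", b"grub 2.02"), ("kernel", b"vmlinuz-4.18")]
GOLDEN = {name: hashlib.sha256(content).hexdigest() for name, content in GOOD}

def attest(components, nonce=b"\x01" * 16):
    """Run one attestation round: returns (trusted?, list of components that deviate)."""
    log, pcr = measure_boot(components)
    return verify(quote(pcr, nonce), log, nonce, GOLDEN)

if __name__ == "__main__":
    print(attest(GOOD))                                                  # (True, [])
    print(attest(GOOD[:2] + [("kernel", b"vmlinuz-4.18 + rootkit")]))   # (False, ['kernel'])
```

A real verifier would check the quote with the device's attestation public key and a certificate chain; the nonce check here is what stops a replayed report from an earlier, clean boot.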

Scenario 3: Mobile device

Use case 1: Protecting mobile banking

As society becomes more cashless, the likelihood that more end users carry mobile devices than old-fashioned cash is increasing. Banking also tends to be a more frequent activity, with growing demand for anytime and anywhere convenience. However, the banking application may be attacked to allow an unauthorized transaction. For example, over-the-air personalisation can be intercepted to duplicate an account on other devices or via other media, or confidential information about an account can be leaked during transmission.

Trust computing technology can enforce platform integrity so that it can help prevent software attacks on the relevant functionality blocks. As a result, the protocols and functions are forced to be executed in the way that was intended. This can be used to counter a number of the aforementioned threats.

Use case 2: Protecting mobile payment

Security is one of the fundamental elements of any mobile payment solution, as is usability. A payment may be made from a credit card account, a debit card, or a pre-paid cash portal, a representation of which is stored on the mobile device. However, the payment application can be modified so as to act as a "back door" for non-payment related attacks on the device.

Trust computing technology can be used to measure the authenticity and integrity of the payment application, which counters this threat.

Scenario 4: Network equipment

Use case 1: Securing secrets

Network equipment often contains sensitive information such as traffic logs or cryptographic keys (e.g., shared secrets, passwords, VPN keys, SSL keys, and stored data encryption keys). Disclosure of these secrets could result in disclosure of confidential network traffic and privacy-sensitive information or even enable malicious tampering with the network.

Network operators (especially Service Providers and Enterprises) can use trust computing technology to protect these secrets against disclosure, keeping their networks secure and reliable and meeting regulatory or customer requirements for confidentiality and privacy.

Use case 2: Protection of configuration data

Network Equipment usually requires configuration, often involving many parameters stored in a variety of files. The equipment Owner may wish to retain control over changes to configuration files on the equipment, with the goal of ensuring that unauthorized configuration changes don’t compromise their network.

The trust computing technology can encrypt and sign configuration files so each file can only be used on the intended device, and the device will only accept configuration from the authorized Owner.

Use case 3: Attestation of integrity for network devices

One extension to remote device management enabled by trust computing technology is an ability to monitor the authenticity of software versions and configurations running on each device. This allows owners and auditors to detect deviation from approved software and firmware versions and configurations, potentially identifying infected devices.

Initial Architecture

Hawthorn Initial Architecture v0

Resources