AMQP server provides the message bus for openstack, so its security affects the overall of openstack big time. A lot of efforts have been spent on authentication of the sender/recipient, and confidentiality/integrity protection of the messages. However, a compromised Nova component, e.g. hypervisor, can pass authentication as normal (before the compromise is detected and corrected) and send malicious but legitimate messages to the bus and hence mess up the openstack system. Fine grained access control and throttling of messages etc for authenticated AMQP client is needed to counter this.
Oneway to do that is to implement the access control, authorization and throttling etc in the Nova code, but this implementation will be duplicated everywhere AMQP messages are examined and/or consumed.
This session proposes implementing access control with flexible authorization based on roles and other metrics, message authenticity, throttling/rate-limiting etc at the AMQP level via either an AMQP proxy or as a plugin to an AMQP server. It can also help on access control in multi-cluster scenarios as well.
If accepted, a 45-minute talk will be prepared or brainstorming session will be conducted to outline and discuss the details on how it works. Note that it's not just for openstack, any system that uses AMQP as message bus can leverage the capabilities provided here.
About the author: Jiangang Zhang, a.k.a. JZ, veteran in architecting and managing the whole development lifecycle of highly scalable, highly available and highly performant software and systems and in practicing pretty much all aspects of information security, currently Distinguished Architect at Yahoo. JZ can be reached via jz@yahoo-inc.com (business) or jgzhang@hotmail.com (personal).
