SlideShare a Scribd company logo

Security_of_openstack_keystone

Download as PPTX, PDF
UT, San Antonio
UT, San Antonio
Technology
1 of 12
Experimenting Security of Keystone (Authentication Module of OpenStack) Presented By Yun Zhang, Tahmina Ahmed & Prosunjit Biswas UTSA
OpenStack • OpenStack is a cloud Software to Manage virtual infrastructures (v. cpu, v. memory and so on) of ‘Infrastructure as a service’ Cloud. • Analogous to a operating system for cloud.
Keystone • Keystone is an OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family Keystone
Keystone in the Big Picture Keystone’s Role in Launching VM instance : 1. Client obtains token from the Keystone 2. Client sends request to Nova API to launch VM instance 3. Nova API verifies token in Keystone 4. Nova requests Keystone to get all available quotas for project/user. Nova calculates amount of used resources and allows or permits operation 5. Nova API calls nova-compute via RPC to launch VM instance.
Keystone Components and Operations Token Operations: Service Catalog Ops: Identity Mngt Ops 1. 2. 3. 4. 1. Maintain service list and service endpoint 1. Maintaining Tenant 2. Maintaining User 3. Maintaining Role Token Generation Token Verification Token Revocation Signing Token
Experiment1 Resiliency of Keystone on DDOS Attack Attack scenarios : 1. Request for generating tokens 2. Request for a service catalog 3. Ask for token revocation List
Experiment1 Resiliency of Keystone on DDOS Attack Attack Configuration Keystone is running a VM with following Conf: 1. V.Cpu: TBD 2. V. Memeory: TBD Attack Machine conf: No. of Machine : 10 1. V. CPU : TBD 2. V. Memory: TBD
Experiment1 Resiliency of Keystone on DDOS Attack Monitoring Keystone Machine for Attack Resiliency: 1. Finding Processing time for each request 2. Finding memory and CPU use of the Keystone machine over time. Work Plan: 1. Develop a script that continuously monitor Keystone Machine’s Health status ( CPU utilization, memory Usage)
Experiment2 Checking Randomness of Generated Token • Why token randomness : – It ensures that an attacker generated token never corresponds to a valid token
Experiment2 Checking Randomness of Generated Token • Experiment Synopsis : – Generate 10000 token and plot it with scatterplot. – Determine in which probability two generated token are same.
Project Challenges • Incomplete documentation
Question / Comment

Recommended

OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Prasad Mukhedkar
 
Deep Dive into Keystone Tokens and Lessons Learned
Deep Dive into Keystone Tokens and Lessons LearnedDeep Dive into Keystone Tokens and Lessons Learned
Deep Dive into Keystone Tokens and Lessons LearnedPriti Desai
 
Keystone: Federated
Keystone: FederatedKeystone: Federated
Keystone: Federatedjamielennox
 
Building IAM for OpenStack
Building IAM for OpenStackBuilding IAM for OpenStack
Building IAM for OpenStackSteve Martinelli
 
OpenStack Keystone
OpenStack KeystoneOpenStack Keystone
OpenStack KeystoneDeepti Ramakrishna
 

Recommended

OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Keystone - Openstack Identity Service
Keystone - Openstack Identity Service Prasad Mukhedkar
 
Deep Dive into Keystone Tokens and Lessons Learned
Deep Dive into Keystone Tokens and Lessons LearnedDeep Dive into Keystone Tokens and Lessons Learned
Deep Dive into Keystone Tokens and Lessons LearnedPriti Desai
 
Keystone: Federated
Keystone: FederatedKeystone: Federated
Keystone: Federatedjamielennox
 
Building IAM for OpenStack
Building IAM for OpenStackBuilding IAM for OpenStack
Building IAM for OpenStackSteve Martinelli
 
OpenStack Keystone
OpenStack KeystoneOpenStack Keystone
OpenStack KeystoneDeepti Ramakrishna
 
Secure Keystone Deployment
Secure Keystone DeploymentSecure Keystone Deployment
Secure Keystone DeploymentPriti Desai
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101Steve Martinelli
 
CIS 2015- Building IAM for OpenStack- Steve Martinelli
CIS 2015- Building IAM for OpenStack- Steve MartinelliCIS 2015- Building IAM for OpenStack- Steve Martinelli
CIS 2015- Building IAM for OpenStack- Steve MartinelliCloudIDSummit
 
Quick overview of Openstack architecture
Quick overview of Openstack architectureQuick overview of Openstack architecture
Quick overview of Openstack architectureToni Ramirez
 
OpenStack Security
OpenStack SecurityOpenStack Security
OpenStack Securityopenstackindia
 
Keystone Federation
Keystone Federation Keystone Federation
Keystone Federation openstackindia
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Openstack_administration
Openstack_administrationOpenstack_administration
Openstack_administrationAshish Sharma
 
Integrating OpenStack with Active Directory
Integrating OpenStack with Active DirectoryIntegrating OpenStack with Active Directory
Integrating OpenStack with Active Directorycjellick
 
CIS13: OpenStack API Security
CIS13: OpenStack API SecurityCIS13: OpenStack API Security
CIS13: OpenStack API SecurityCloudIDSummit
 
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...DevDay.org
 
OpenStack - Infrastructure as a service
OpenStack - Infrastructure as a serviceOpenStack - Infrastructure as a service
OpenStack - Infrastructure as a serviceDenis Cavalcante
 
Aptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceAptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceOpenStack
 
Keystone deep dive 1
Keystone deep dive 1Keystone deep dive 1
Keystone deep dive 1Jsonr4
 
Openstack training material
Openstack training materialOpenstack training material
Openstack training materialchenvi123
 
Cloud and OpenStack
Cloud and OpenStackCloud and OpenStack
Cloud and OpenStackSeyed Ehsan Beheshtian
 
OpenStack GDL : Hacking keystone | 20 Octubre 2014
OpenStack GDL : Hacking keystone | 20 Octubre 2014OpenStack GDL : Hacking keystone | 20 Octubre 2014
OpenStack GDL : Hacking keystone | 20 Octubre 2014Victor Morales
 
Introduction to OpenStack Architecture (Grizzly Edition)
Introduction to OpenStack Architecture (Grizzly Edition)Introduction to OpenStack Architecture (Grizzly Edition)
Introduction to OpenStack Architecture (Grizzly Edition)Ken Pepple
 
Introduction to OpenStack (Juno)
Introduction to OpenStack (Juno)Introduction to OpenStack (Juno)
Introduction to OpenStack (Juno)Krunal Jain
 
OpenStack 101 Technical Overview
OpenStack 101 Technical OverviewOpenStack 101 Technical Overview
OpenStack 101 Technical OverviewOpen Stack
 
BlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Security Conference
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 

More Related Content

What's hot

Secure Keystone Deployment
Secure Keystone DeploymentSecure Keystone Deployment
Secure Keystone DeploymentPriti Desai
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101Steve Martinelli
 
CIS 2015- Building IAM for OpenStack- Steve Martinelli
CIS 2015- Building IAM for OpenStack- Steve MartinelliCIS 2015- Building IAM for OpenStack- Steve Martinelli
CIS 2015- Building IAM for OpenStack- Steve MartinelliCloudIDSummit
 
Quick overview of Openstack architecture
Quick overview of Openstack architectureQuick overview of Openstack architecture
Quick overview of Openstack architectureToni Ramirez
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity serviceopenstackindia
 
Openstack_administration
Openstack_administrationOpenstack_administration
Openstack_administrationAshish Sharma
 
Integrating OpenStack with Active Directory
Integrating OpenStack with Active DirectoryIntegrating OpenStack with Active Directory
Integrating OpenStack with Active Directorycjellick
 
CIS13: OpenStack API Security
CIS13: OpenStack API SecurityCIS13: OpenStack API Security
CIS13: OpenStack API SecurityCloudIDSummit
 
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...DevDay.org
 
OpenStack - Infrastructure as a service
OpenStack - Infrastructure as a serviceOpenStack - Infrastructure as a service
OpenStack - Infrastructure as a serviceDenis Cavalcante
 
Aptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceAptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceOpenStack
 
Keystone deep dive 1
Keystone deep dive 1Keystone deep dive 1
Keystone deep dive 1Jsonr4
 
Openstack training material
Openstack training materialOpenstack training material
Openstack training materialchenvi123
 
OpenStack GDL : Hacking keystone | 20 Octubre 2014
OpenStack GDL : Hacking keystone | 20 Octubre 2014OpenStack GDL : Hacking keystone | 20 Octubre 2014
OpenStack GDL : Hacking keystone | 20 Octubre 2014Victor Morales
 
Introduction to OpenStack Architecture (Grizzly Edition)
Introduction to OpenStack Architecture (Grizzly Edition)Introduction to OpenStack Architecture (Grizzly Edition)
Introduction to OpenStack Architecture (Grizzly Edition)Ken Pepple
 
Introduction to OpenStack (Juno)
Introduction to OpenStack (Juno)Introduction to OpenStack (Juno)
Introduction to OpenStack (Juno)Krunal Jain
 
OpenStack 101 Technical Overview
OpenStack 101 Technical OverviewOpenStack 101 Technical Overview
OpenStack 101 Technical OverviewOpen Stack
 

What's hot (20)

Secure Keystone Deployment
Secure Keystone DeploymentSecure Keystone Deployment
Secure Keystone Deployment
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101
 
CIS 2015- Building IAM for OpenStack- Steve Martinelli
CIS 2015- Building IAM for OpenStack- Steve MartinelliCIS 2015- Building IAM for OpenStack- Steve Martinelli
CIS 2015- Building IAM for OpenStack- Steve Martinelli
 
Quick overview of Openstack architecture
Quick overview of Openstack architectureQuick overview of Openstack architecture
Quick overview of Openstack architecture
 
OpenStack Security
OpenStack SecurityOpenStack Security
OpenStack Security
 
Keystone Federation
Keystone Federation Keystone Federation
Keystone Federation
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
 
Openstack_administration
Openstack_administrationOpenstack_administration
Openstack_administration
 
Integrating OpenStack with Active Directory
Integrating OpenStack with Active DirectoryIntegrating OpenStack with Active Directory
Integrating OpenStack with Active Directory
 
CIS13: OpenStack API Security
CIS13: OpenStack API SecurityCIS13: OpenStack API Security
CIS13: OpenStack API Security
 
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
[DevDay 2016] OpenStack and approaches for new users - Speaker: Chi Le – Head...
 
OpenStack - Infrastructure as a service
OpenStack - Infrastructure as a serviceOpenStack - Infrastructure as a service
OpenStack - Infrastructure as a service
 
Aptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity serviceAptira presents OpenStack keystone identity service
Aptira presents OpenStack keystone identity service
 
Keystone deep dive 1
Keystone deep dive 1Keystone deep dive 1
Keystone deep dive 1
 
Openstack training material
Openstack training materialOpenstack training material
Openstack training material
 
Cloud and OpenStack
Cloud and OpenStackCloud and OpenStack
Cloud and OpenStack
 
OpenStack GDL : Hacking keystone | 20 Octubre 2014
OpenStack GDL : Hacking keystone | 20 Octubre 2014OpenStack GDL : Hacking keystone | 20 Octubre 2014
OpenStack GDL : Hacking keystone | 20 Octubre 2014
 
Introduction to OpenStack Architecture (Grizzly Edition)
Introduction to OpenStack Architecture (Grizzly Edition)Introduction to OpenStack Architecture (Grizzly Edition)
Introduction to OpenStack Architecture (Grizzly Edition)
 
Introduction to OpenStack (Juno)
Introduction to OpenStack (Juno)Introduction to OpenStack (Juno)
Introduction to OpenStack (Juno)
 
OpenStack 101 Technical Overview
OpenStack 101 Technical OverviewOpenStack 101 Technical Overview
OpenStack 101 Technical Overview
 

Similar to Security_of_openstack_keystone

BlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Security Conference
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices WorldDiogo Mónica
 
Dynatrace - Red Hat workshop : Monolith to Microservices
Dynatrace - Red Hat workshop : Monolith to MicroservicesDynatrace - Red Hat workshop : Monolith to Microservices
Dynatrace - Red Hat workshop : Monolith to MicroservicesSteve Caron
 
Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Idit Levine
 
Module_2_Slides.pdf
Module_2_Slides.pdfModule_2_Slides.pdf
Module_2_Slides.pdfgoldfer1
 
Building a blockchain on tendermint
Building a blockchain on tendermintBuilding a blockchain on tendermint
Building a blockchain on tendermintLviv Startup Club
 
Gordonh0945deepdive openstackcompute-140417174059-phpapp02
Gordonh0945deepdive openstackcompute-140417174059-phpapp02Gordonh0945deepdive openstackcompute-140417174059-phpapp02
Gordonh0945deepdive openstackcompute-140417174059-phpapp02Công TÔ
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵Amazon Web Services Korea
 
Observability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesObservability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesLuke Marsden
 
OpenStack Swift的性能调优
OpenStack Swift的性能调优OpenStack Swift的性能调优
OpenStack Swift的性能调优Hardway Hou
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDocker, Inc.
 
Openstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overviewOpenstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overviewrajdeep
 
Survey of open source cloud architectures
Survey of open source cloud architecturesSurvey of open source cloud architectures
Survey of open source cloud architecturesabhinav vedanbhatla
 
Scaling Ethereum using Zero-Knowledge Proofs
Scaling Ethereum using Zero-Knowledge ProofsScaling Ethereum using Zero-Knowledge Proofs
Scaling Ethereum using Zero-Knowledge ProofsHyojun Kim
 
Architectures with Windows Azure
Architectures with Windows AzureArchitectures with Windows Azure
Architectures with Windows AzureDamir Dobric
 

Similar to Security_of_openstack_keystone (20)

BlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
BlueHat Seattle 2019 || Kubernetes Practical Attack and DefenseBlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
BlueHat Seattle 2019 || Kubernetes Practical Attack and Defense
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscape
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices World
 
Dynatrace - Red Hat workshop : Monolith to Microservices
Dynatrace - Red Hat workshop : Monolith to MicroservicesDynatrace - Red Hat workshop : Monolith to Microservices
Dynatrace - Red Hat workshop : Monolith to Microservices
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
 
Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017
 
Module_2_Slides.pdf
Module_2_Slides.pdfModule_2_Slides.pdf
Module_2_Slides.pdf
 
Fiware cloud developers week brussels
Fiware cloud developers week brusselsFiware cloud developers week brussels
Fiware cloud developers week brussels
 
Building a blockchain on tendermint
Building a blockchain on tendermintBuilding a blockchain on tendermint
Building a blockchain on tendermint
 
Gordonh0945deepdive openstackcompute-140417174059-phpapp02
Gordonh0945deepdive openstackcompute-140417174059-phpapp02Gordonh0945deepdive openstackcompute-140417174059-phpapp02
Gordonh0945deepdive openstackcompute-140417174059-phpapp02
 
Wcat
WcatWcat
Wcat
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
 
Observability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesObservability beyond logging for Java Microservices
Observability beyond logging for Java Microservices
 
OpenStack Swift的性能调优
OpenStack Swift的性能调优OpenStack Swift的性能调优
OpenStack Swift的性能调优
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at Netflix
 
Openstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overviewOpenstack meetup-pune-aug22-overview
Openstack meetup-pune-aug22-overview
 
Survey of open source cloud architectures
Survey of open source cloud architecturesSurvey of open source cloud architectures
Survey of open source cloud architectures
 
Scaling Ethereum using Zero-Knowledge Proofs
Scaling Ethereum using Zero-Knowledge ProofsScaling Ethereum using Zero-Knowledge Proofs
Scaling Ethereum using Zero-Knowledge Proofs
 
Blockene
BlockeneBlockene
Blockene
 
Architectures with Windows Azure
Architectures with Windows AzureArchitectures with Windows Azure
Architectures with Windows Azure
 

More from UT, San Antonio

digital certificate - types and formats
digital certificate - types and formatsdigital certificate - types and formats
digital certificate - types and formatsUT, San Antonio
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with SonarlintUT, San Antonio
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityUT, San Antonio
 
Big Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory ComputationBig Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory ComputationUT, San Antonio
 
Enumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) modelEnumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) modelUT, San Antonio
 
Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)UT, San Antonio
 
Research seminar group_1_prosunjit
Research seminar group_1_prosunjitResearch seminar group_1_prosunjit
Research seminar group_1_prosunjitUT, San Antonio
 
Attribute Based Encryption
Attribute Based EncryptionAttribute Based Encryption
Attribute Based EncryptionUT, San Antonio
 
Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction UT, San Antonio
 
Transcription Factor DNA Binding Prediction
Transcription Factor DNA Binding PredictionTranscription Factor DNA Binding Prediction
Transcription Factor DNA Binding PredictionUT, San Antonio
 

More from UT, San Antonio (20)

digital certificate - types and formats
digital certificate - types and formatsdigital certificate - types and formats
digital certificate - types and formats
 
Saml metadata
Saml metadataSaml metadata
Saml metadata
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with Sonarlint
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerability
 
Abac17 prosun-slides
Abac17 prosun-slidesAbac17 prosun-slides
Abac17 prosun-slides
 
Abac17 prosun-slides
Abac17 prosun-slidesAbac17 prosun-slides
Abac17 prosun-slides
 
Recitation
RecitationRecitation
Recitation
 
Recitation
RecitationRecitation
Recitation
 
Big Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory ComputationBig Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory Computation
 
Enumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) modelEnumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) model
 
Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)
 
Three month course
Three month courseThree month course
Three month course
 
One month-syllabus
One month-syllabusOne month-syllabus
One month-syllabus
 
Zerovm backgroud
Zerovm backgroudZerovm backgroud
Zerovm backgroud
 
Research seminar group_1_prosunjit
Research seminar group_1_prosunjitResearch seminar group_1_prosunjit
Research seminar group_1_prosunjit
 
Ksi
KsiKsi
Ksi
 
Attribute Based Encryption
Attribute Based EncryptionAttribute Based Encryption
Attribute Based Encryption
 
Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction
 
Cyber Security Exam 2
Cyber Security Exam 2Cyber Security Exam 2
Cyber Security Exam 2
 
Transcription Factor DNA Binding Prediction
Transcription Factor DNA Binding PredictionTranscription Factor DNA Binding Prediction
Transcription Factor DNA Binding Prediction
 

Recently uploaded

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Security_of_openstack_keystone

  • 1. Experimenting Security of Keystone (Authentication Module of OpenStack) Presented By Yun Zhang, Tahmina Ahmed & Prosunjit Biswas UTSA
  • 2. OpenStack • OpenStack is a cloud Software to Manage virtual infrastructures (v. cpu, v. memory and so on) of ‘Infrastructure as a service’ Cloud. • Analogous to a operating system for cloud.
  • 3. Keystone • Keystone is an OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family Keystone
  • 4. Keystone in the Big Picture Keystone’s Role in Launching VM instance : 1. Client obtains token from the Keystone 2. Client sends request to Nova API to launch VM instance 3. Nova API verifies token in Keystone 4. Nova requests Keystone to get all available quotas for project/user. Nova calculates amount of used resources and allows or permits operation 5. Nova API calls nova-compute via RPC to launch VM instance.
  • 5. Keystone Components and Operations Token Operations: Service Catalog Ops: Identity Mngt Ops 1. 2. 3. 4. 1. Maintain service list and service endpoint 1. Maintaining Tenant 2. Maintaining User 3. Maintaining Role Token Generation Token Verification Token Revocation Signing Token
  • 6. Experiment1 Resiliency of Keystone on DDOS Attack Attack scenarios : 1. Request for generating tokens 2. Request for a service catalog 3. Ask for token revocation List
  • 7. Experiment1 Resiliency of Keystone on DDOS Attack Attack Configuration Keystone is running a VM with following Conf: 1. V.Cpu: TBD 2. V. Memeory: TBD Attack Machine conf: No. of Machine : 10 1. V. CPU : TBD 2. V. Memory: TBD
  • 8. Experiment1 Resiliency of Keystone on DDOS Attack Monitoring Keystone Machine for Attack Resiliency: 1. Finding Processing time for each request 2. Finding memory and CPU use of the Keystone machine over time. Work Plan: 1. Develop a script that continuously monitor Keystone Machine’s Health status ( CPU utilization, memory Usage)
  • 9. Experiment2 Checking Randomness of Generated Token • Why token randomness : – It ensures that an attacker generated token never corresponds to a valid token
  • 10. Experiment2 Checking Randomness of Generated Token • Experiment Synopsis : – Generate 10000 token and plot it with scatterplot. – Determine in which probability two generated token are same.