Hi, Anoop

  Thanks for your attention. Replies are as follows.

------------
Yinxing Wei

 



Anoop Ghanwani <[email protected]>
Sent by: [email protected]
2012/07/13 09:24

To: [email protected]
Cc: [email protected]
Subject: Re: [nvo3] draft-wei-nvo3-security-framework-00 is posted, please review it






Just to double-check:

- This draft looks at security from the standpoint
  of tenants being potentially malicious, but the provider
  infrastructure is all trusted.

Yinxing> Tenants are potentially malicious. The reason is that some
tenants may compete with each other and want to obtain sensitive
information from others.
As to whether the provider infrastructure is trusted or not, it may
depend on the business model. For example, one operator provides
infrastructure service, another provides tenant service based on the
previous one. Different operators may have different security policies.
In this case, the provider infrastructure may be untrusted.

- It assumes that the provider-managed equipment
  is not compromised (e.g. the hypervisor is never
  compromised).

Yinxing> We can take the assumption that provider-managed equipment is
not compromised. However, there exist some virtualization-based attacks,
such as Blue Pill, SubVirt, etc. It may be necessary to do some risk
assessment.

Is this correct?

Anoop

On Wed, Jun 20, 2012 at 1:59 AM,  <[email protected]> wrote:
>
> Hi, folks
>
> A new draft is posted, which is about the security framework for NVO3.
> Please review it, any comments are appreciated.
>
> Filename:        draft-wei-nvo3-security-framework
> Revision:        00
> Title:           NVO3 Security Framework
> Creation date:   2012-06-20
> WG ID:           Individual Submission
> Number of pages: 8
> URL:
> http://www.ietf.org/internet-drafts/draft-wei-nvo3-security-framework-00.txt
> Status:
> http://datatracker.ietf.org/doc/draft-wei-nvo3-security-framework
> Htmlized:
> http://tools.ietf.org/html/draft-wei-nvo3-security-framework-00
>
>
> Abstract:
>   This document provides a security framework for overlay based network
>   virtualization.  It describes the security reference model, the
>   security threats and security requirements.
>
>
> -------------
> Yinxing Wei
> _______________________________________________
> nvo3 mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/nvo3
>


