

Overview

Project Name: Moon
Target Release Name: Jerma
Project Lifecycle State: Incubation/Mature (see OPNFV Lifecycle for more information)

Scope

The Moon platform is a security policy engine with the following characteristics:

  • centralized (optionally)
    • Moon can centralize all authorization requests for multiple VIMs (Virtual Infrastructure Managers) at one time
    • Moon can centralize all security policies for multiple VIMs
  • fully customizable security policies
    • Moon can work with RBAC (Role Based Access Control) policies or MLS (Multi-Level Security) policies
    • Moon can integrate ABAC (Attribute Based Access Control)
    • Moon can also create and use a new custom policy
  • user-centric management
    • The end user (the administrator of the VIM, e.g. OpenStack) is able to write his/her own policies
    • The end user (the administrator of the VIM) is able to manage his/her own policies through a simplified user interface

The Moon platform can also act as a security orchestrator which can:

  • dynamically assign and manage policies through a simplified user interface
  • integrate OpenStack and OpenDaylight, and scale out to Kubernetes (connecting Kubernetes to the Moon security engine)
  • in principle integrate further systems (other VIMs, IoT devices, ...)

The source code was completely rewritten; new features since the previous release include:

  • new APIs
    • Manager API (to manage master/slaves, rules, ...)
    • Slaves API (to manage the flow of data between Master and Slaves)
  • new web user interface enabling dynamic activation/deactivation of security rules
  • new import mechanisms

Requirements

None

Release Artifacts

Indicate the work product (Executable, Source Code, Library, API description, Tool, Documentation, Release Note, etc.) for this release.

Name            Description           Location
Source Code     Source code of Moon   https://git.opnfv.org/moon
Release Note    Release note          https://git.opnfv.org/moon/about/
Executable      Libraries of Moon     https://pypi.org/project/moon-manager/
                                      https://pypi.org/project/moon-engine/




Architecture

High level architecture diagram: (image not reproduced here)

Data model used in Moon: (image not reproduced here)

Moon uses a data model that links perimeter data (data coming from the outside system, e.g. the VIM) to Moon security rules. This formalization makes it possible to build ABAC (Attribute Based Access Control) security models.

Moon separates data flows into a control plane and a data plane.

In the control plane, administrators add and manage security policies; in the data plane, the PDP (Policy Decision Point) waits for authorization requests from external entities (such as OpenStack) and answers them.
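To make the data-plane side concrete, here is an added example (not code from the Moon project) of a minimal ABAC policy decision point in the shape described above: perimeter entities (subjects, objects and actions known to the VIM) are linked to policy data through category assignments, and rules are expressed over that data rather than over the raw entity names. The `Policy`/`PDP` names, the category layout, the rule format and the sample perimeter are all constructed for this illustration; Moon's own data model and APIs may differ. The `check_policy` helper shows the kind of dry run a policy should pass in a test environment before it is activated.

```python
"""Added example, not Moon project code: a minimal ABAC PDP.

Perimeter data (subjects/objects/actions) is linked to policy data by
category assignments; rules range over that data. Names and sample data
below are constructed for this illustration."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Set, Tuple

Decision = str  # "grant" or "deny"
# Perimeter entity name -> category -> set of data values
# (a set, because one user may hold several roles).
Assignments = Dict[str, Dict[str, Set[str]]]


@dataclass
class Policy:
    # Meta-rule: which categories a rule ranges over, and in what order.
    subject_categories: Tuple[str, ...]
    object_categories: Tuple[str, ...]
    action_categories: Tuple[str, ...]
    subject_assignments: Assignments
    object_assignments: Assignments
    action_assignments: Assignments
    # Rule key: one data value per category, subject categories first,
    # then object categories, then action categories.
    rules: Dict[Tuple[str, ...], Decision]
    default: Decision = "deny"  # fail closed when no rule matches


def _data_for(assignments: Assignments, entity: str,
              categories: Tuple[str, ...]) -> List[Set[str]]:
    """Resolve an entity to its data values, one set per category.
    An unknown entity or an unassigned category yields an empty set, so
    no candidate key can be built and the policy default applies."""
    known = assignments.get(entity, {})
    return [set(known.get(cat, ())) for cat in categories]


class PDP:
    """Policy Decision Point: answers (subject, object, action) requests."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy

    def decide(self, subject: str, obj: str, action: str) -> Decision:
        p = self.policy
        slots = (_data_for(p.subject_assignments, subject, p.subject_categories)
                 + _data_for(p.object_assignments, obj, p.object_categories)
                 + _data_for(p.action_assignments, action, p.action_categories))
        # Every combination of the entities' data values is a candidate key.
        matched = {p.rules[key] for key in product(*slots) if key in p.rules}
        if "deny" in matched:   # deny overrides any grant
            return "deny"
        if "grant" in matched:
            return "grant"
        return p.default


def check_policy(pdp: PDP,
                 expectations: Dict[Tuple[str, str, str], Decision]) -> List[str]:
    """Dry-run (subject, object, action) -> expected decision cases and
    return one line per mismatch; an empty list means the policy behaves
    as intended. Run this in a test environment before activating rules."""
    problems = []
    for (s, o, a), want in expectations.items():
        got = pdp.decide(s, o, a)
        if got != want:
            problems.append(f"{s} {a} {o}: expected {want}, got {got}")
    return problems


def sample_policy() -> Policy:
    """Constructed sample (hypothetical data): a rule key is
    (role, clearance, object level, action type)."""
    return Policy(
        subject_categories=("role", "clearance"),
        object_categories=("level",),
        action_categories=("action_type",),
        subject_assignments={
            "alice": {"role": {"admin"}, "clearance": {"high"}},
            "bob": {"role": {"user", "auditor"}, "clearance": {"low"}},
            "carol": {"role": {"admin", "contractor"}, "clearance": {"high"}},
        },
        object_assignments={"vm1": {"level": {"high"}},
                            "vm2": {"level": {"low"}}},
        action_assignments={"start": {"action_type": {"write"}},
                            "list": {"action_type": {"read"}}},
        rules={
            ("admin", "high", "high", "write"): "grant",
            ("admin", "high", "low", "write"): "grant",
            ("admin", "high", "high", "read"): "grant",
            ("admin", "high", "low", "read"): "grant",
            ("user", "low", "low", "write"): "grant",
            ("user", "low", "low", "read"): "grant",
            ("auditor", "low", "high", "read"): "grant",
            ("auditor", "low", "low", "read"): "grant",
            # A contractor never writes to high-level objects, whatever other
            # roles the same user holds: the deny overrides the admin grant.
            ("contractor", "high", "high", "write"): "deny",
        },
    )


if __name__ == "__main__":
    pdp = PDP(sample_policy())
    for case in [("alice", "vm1", "start"), ("bob", "vm1", "list"),
                 ("carol", "vm1", "start"), ("mallory", "vm2", "list")]:
        print(case, "->", pdp.decide(*case))
    print(check_policy(pdp, {("carol", "vm1", "start"): "deny"}))
```

Two design points worth keeping in any real policy engine: an unknown subject, object or action never matches a rule and therefore falls through to the deny default (fail closed), and a user holding several roles is evaluated over every combination of their data values with deny taking precedence, so adding a role can only ever take permissions away when an explicit deny rule exists for it.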

Internal Dependencies

N/A

External Dependencies

The Moon executables need some external Python dependencies. They are listed in the requirements.txt file of each library.

Test and Verification

The Moon code is fully and automatically tested with:

  • unit tests
  • functional tests
  • load tests

Risks


Risk Description                                          Mitigation Plan
Bad configuration of security policies                    Execute tests of those policies in a test environment before putting them into production
Performance issues (because of authorization requests)    Size the server appropriately (CPU and RAM)