Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Tip
titleWelcome to your new space!

Confluence spaces are great for sharing content and news with your team. This is your home page. Right now it shows recent space activity, but you can customize this page in anyway you like.

Complete these tasks to get started

  •   Edit this home page - Click Edit in the top right of this screen to customize your Space home page
  •   Create your first page - Click the Create button in the header to get started
  •   Brand your Space - Click Configure Sidebar in the left panel to update space details and logo
  •   Set permissions - Click Space Tools in the left sidebar to update permissions and give others access
 

Inspector

  • Proposed name for the project: inspector
  • Proposed name for the repository: inspector
  • Project Category: Requirement

Project description

Ensure the existing Audit framework for the critical components in OPNFV are extensive enough and compliant to industry standards and foreseeable business use cases.

The benefit is that:

  • Any NFV deployment will be easily checked for compliance towards relevant audit frameworks and that any necessary extensions to CADF are identified
  • It will be possible to assess the integrity of audit logs

For any NFV provider, it is necessary to provide audit data relevant to the specific industry requirements in a standard format

Scope

It is currently not possible to easily assess Cloud deployments compliance against an auditing standard
There are still several components that do not have sufficient infrastructure to enable auditing such as OpenStack and ODL.

There doesn't exist an implementation to assess the integrity of audit logs in the tools we are basing OPNFV in.

Proposal

  • Build the audit solution on the existing CADF-based tools
  • Provide documentation regarding the coverage of existing audit maps for OpenStack services and identify potential gaps in the audit objects
  • Provide requirements for ODL related to audit compliance
  • Provide evaluation results of whether CADF covers the necessary audit information for NFV
  • Provide requirements for OpenStack components regarding CADF compliance
  • Provide requirements for OpenStack components regarding Audit integrity protection

Specify testing and integration

Ensure that CADF compliant, signed log files are sampled in verification.

Debugging and Tracing

In the case of OpenStack, verify that Ceilometer reports appropriate audit data

Unit/Integration Test plans

In the case of OpenStack, ensure that logs are properly set in Ceilometer

Considerations

  • Since OpenStack and ODL evolve, there will be a need to revisit compliance of the audit maps.
  • Since CADF is an evolving format, there may be a need to redefine audit requirements.

Dependencies

Tightly linked to OpenStack release cycle

Open source projects currently aimed at:

Committers and Contributors:

Names and affiliations of the committers:

Names and affiliations of any other contributors:

Planned deliverables

  • OpenStack components' CADF Compliance documentation in OPNFV
  • OpenStack component audit capability requirements in OpenStack
  • Relevant blueprints related to audit data integrity attestation

Proposed Release Schedule:

Aligned with OpenStack Liberty release

Getting Started

CADF / Keystone Example Set Up

OpenDayLight Install

References

DSP 0262, Cloud Audit Data Federation (CADF) – Data Format and Interface Specification by Distributed Management Task Force
DSP 2038, Cloud Audit Data Federation – OpenStack Profile (CADF-OpenStack)

Recent space activity

Recently Updated
typespage, comment, blogpost
max5
hideHeadingtrue
themesocial

Space contributors

Contributors
modelist
scopedescendants
limit5
showLastTimetrue
orderupdate