Inspector
Proposed name for the project: inspector
Proposed name for the repository: inspector
Project Category: Requirement
Project description
Ensure the existing Audit framework for the critical components in OPNFV are extensive enough and compliant to industry standards and foreseeable business use cases.
The benefit is that:
Any NFV deployment will be easily checked for compliance towards relevant audit frameworks and that any necessary extensions to CADF are identified
It will be possible to assess the integrity of audit logs
For any NFV provider, it is necessary to provide audit data relevant to the specific industry requirements in a standard format
Scope
It is currently not possible to easily assess Cloud deployments compliance against an auditing standard
There are still several components that do not have sufficient infrastructure to enable auditing such as OpenStack and ODL.
There doesn't exist an implementation to assess the integrity of audit logs in the tools we are basing OPNFV in.
Proposal
Build the audit solution on the existing CADF-based tools
Provide documentation regarding the coverage of existing audit maps for OpenStack services and identify potential gaps in the audit objects
Provide requirements for ODL related to audit compliance
Provide evaluation results of whether CADF covers the necessary audit information for NFV
Provide requirements for OpenStack components regarding CADF compliance
Provide requirements for OpenStack components regarding Audit integrity protection
Specify testing and integration
Ensure that CADF compliant, signed log files are sampled in verification.
Debugging and Tracing
In the case of OpenStack, verify that Ceilometer reports appropriate audit data
Unit/Integration Test plans
In the case of OpenStack, ensure that logs are properly set in Ceilometer
Considerations
Since OpenStack and ODL evolve, there will be a need to revisit compliance of the audit maps.
Since CADF is an evolving format, there may be a need to redefine audit requirements.
Dependencies
Tightly linked to OpenStack release cycle
Open source projects currently aimed at:
Committers and Contributors:
Names and affiliations of the committers:
Names and affiliations of any other contributors:
Planned deliverables
OpenStack components' CADF Compliance documentation in OPNFV
OpenStack component audit capability requirements in OpenStack
Relevant blueprints related to audit data integrity attestation
Proposed Release Schedule:
Aligned with OpenStack Liberty release
Getting Started
References
DSP 0262, Cloud Audit Data Federation (CADF) – Data Format and Interface Specification by Distributed Management Task Force
DSP 2038, Cloud Audit Data Federation – OpenStack Profile (CADF-OpenStack)