cfn/cfn-security
Code Issues Proposed changes
Files
master
cfn-security/sub-group-introduction.md
luli 660af2f20b modify sub-group-introduction.md 
Change-Id: I4252f868e255efaf38525d152676c62dc502a861
2025-07-09 18:12:10 +08:00

3.0 KiB
Raw Permalink Blame History

CFN-Security Sub-group Introduction

Project Facts

Project Creation Date: 2024/04/25

Primary Contact: Li Lu & luli@chinamobile.com

Project Lead: Huizheng Geng&genghuizheng@chinamobile.com

Committers: Jing Cao& caojing1@caict.ac.cn, Longhai Zhu&zhulh@siwei.com, Tingting Yang&yangtingting@chinamobile.com, Yu Wang&wangyuyjy@chinamobile.com, Yingqing Liu&liuyingqing@chinamobile.com@chinamobile.com, Li Lu&luli@chinamobile.com,PengLin Yang&yangpenglin@hygon.cn

Mailing List: computing-force-network@lists.opendev.org

Meetings: Use bi-weekly meeting of CFN WG

Repository: https://opendev.org/cfn/cfn-security 

StoryBoard: https://storyboard.openstack.org/#!/project/cfn/cfn-security

Open Bugs: TBD

Introduction

CFN deeply integrates cloud computing, network and other technologies, can provide ubiquitous computing power and realize the optimal allocation of resources. CFN provides a powerful infrastructure for data processing and computing. However, due to the special architecture and idea of CFN, CFN itself and the services running in CFN may face certain security problems, and it is necessary to explore security solutions. Some security risks and considerations are listed below.

Security levels are different among computing nodes in CFN, risks of data leakage and data tempering are high on low security computing nodes, so it is necessary to introduce mechanisms of secure computing and storage to keep data security. Service data may be delivered to multiple nodes and it is difficult to locate the data leakage point and responsibility, so introducing the mechanism of data flow security is necessary. Many dynamic connections of node to node across systems and domains will be established, which provides more attack paths to network attackers and increase risks for computing nodes, so it is necessary to introduce special security consideration for network resources and computing resources.

CFN security subgroup is committed to provide security solutions or security suggestions according to the possible security risks of the CFN itself and the services in CFN. Main jobs include:

1 Research on security functions that CFN should support and the security suggestions for each component of CFN.

2 Analyzes the security risks of computing or storage services in CFN, and proposes solutions.

3 Studies new security technologies that can be applied to CFN, and proposes the application methods of the technologies in CFN. *

Documentation & Training

None

Release Planning & Release Notes

1、Research on Computational Security Risks in CFN

Investigate the potential security risks associated with the execution of computing tasks in CFN.

2、Research on Secure Computing Solutions for CFN

Explore currently applicable verifiable computing methods for CFN to enhance the security of computing tasks within CFN.

Previous Releases

1 CFN security risks and security control suggestions v1.0

2 CFN secure storage solution based on white-box cryptography v1.0 *