As one of the most popular tools for automatic operation and maintenance in cloud platforms,Ansible usually stores a lot of administrator accounts information in a configuration file for batehing executions.The configuration file is usually stored in the disk in plain text.However,it is not safe in the cloud because the confidentiality and integrity of configuration of Ansible depend on the security of the underlying software.Therefore,it is crucial to reinforce the security of configuration management mechanism of Ansible.In this paper,we implement a configuration management component for Ansible based on SGX (Software Guard eXtensions) proposed by Intel in recent years,which can manage the configuration information of Ansible in a trusted execution environment (TEE) independently.With this component,the configuration information cannot be read or written from outside and its security doesn't depend on the underlying software.The experiments show that our solution is more reliable,and the extra overhead is also acceptable.It is possible to extend our application to a general component for configuration protection in cloud platforms such as OpenStack.%Ansible是当今最主流的云平台自动化运维工具之一,通常拥有大量集群的管理员账号信息来批量执行运维任务,这些账号信息一般明文存储在配置文件中.但在云计算环境中这种机制具有较大的安全隐患,因为Ansible 的配置信息的机密性和完整性依赖云服务厂商提供的基础软件的安全性.因此,加强Ansible配置信息管理机制的安全性至关重要.本文基于Intel近年推出的安全机制SGX(Software Guard eXtensions)开发了Ansible的配置管理模块,它可以独立地在可信的执行环境(Trusted Execution Environment,TEE)内管理Ansible的配置信息,从而保证了Ansible配置信息不被外界读取和修改,同时其安全性不再依赖于底层基础软件.实验评估显示,本文方案更加安全可靠,性能的额外开销也在接受范围之内,而且可以进一步扩展成通用的配置管理组件集成到OpenStack等云平台中.
展开▼