Towards a Vulnerability Tree Security Evaluation of OpenStack’s Logical Architecture

  • Doudou Fall
  • Takeshi Okuda
  • Youki Kadobayashi
  • Suguru Yamaguchi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8564)

Abstract

Cloud computing’s rapid development has favored the emergence of many other technologies like OpenStack, which is the most popular open-source cloud management software. OpenStack has received a lot of praise lately thanks to its ease of use and its vibrant community, but it has also started garnering attention in the national vulnerability database. Furthermore, OpenStack has a logical architecture in which, the degree of interconnectedness within and between the components is a source of many security concerns. To prevent the damages that can be caused by the combination of these security issues, we proposed a vulnerability tree security analysis of OpenStack’s logical architecture that allowed us to generate ready-to-use vulnerability trees of the major services or components of the architecture. We also suggested an amendment of OpenStack’s vulnerability naming, because the current naming does not cope well with our proposal.

Keywords

OpenStack Vulnerability Tree security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    OpenStack (2014), http://www.openstack.org
  2. 2.
    Eucalyptus (2014), http://www.eucalyptus.com
  3. 3.
    OpenNebula (2014), http://opennebula.org
  4. 4.
    Apache Foundation, CloudStack, http://cloudstack.apache.org
  5. 5.
    Mell, P., Scarfone, K., Romanosky, S.: A Complete Guide to the Common Vulnerability Scoring System (CVSS) Version 2.0 (2007), http://www.first.org/cvss/cvss-guide
  6. 6.
    U.S National Institute of Science and Technology (NIST), National Vulnerability Database (NVD), http://nvd.nist.gov
  7. 7.
    Vesely, W.E., Goldberg, F.F., Roberts, N.H., Haasl, D.F.: In: Fault tree handbook. No. NUREG-0492. Nuclear regulatory commission washington dc (1981)Google Scholar
  8. 8.
    Vesely, W.: Fault Tree Analysis (FTA): Concepts and Applications. NASA document, http://www.hq.nasa.gov/office/codeq/risk/ftacourse.pdf (accessed April 2014)
  9. 9.
    Bedford, T., Cooke, R.: Probabilistic Risk Analysis: Foundations and Methods. Cambridge University Press (2011)Google Scholar
  10. 10.
    Fall, D., Chaisamran, N., Okuda, T., Kadobayashi, Y., Yamaguchi, S.: Security Quantification of Complex Attack. In: Infrastructure as a Service Cloud Computing. In: 3rd International Conference on Cloud Computing and Services Science (June 2013)Google Scholar
  11. 11.
    Cheikes, B.A., Waltermire, D., Scarfone, K.: Common Platform Enumeration: Naming Specification Version 2.3, NISTIR 7695 (2011)Google Scholar
  12. 12.
    Zhai, E., Wolinsky, D.I., Xiao, H., Liu, H., Su, X., Ford, B.: Auditing the structural reliability of the clouds. Technical Report YALEU/DCS/TR-1479, Department of Computer Science, Yale University (2013), http://www.cs.yale.edu/homes/zhai-ennan/sra.pdf
  13. 13.
    Xiao, H., Ford, B., Feigenbaum, J.: Structural cloud audits that protect private information. In: Proceedings of the 2013 ACM Workshop on Cloud Computing Security Workshop, pp. 101–112. ACM (2013)Google Scholar
  14. 14.
    Khan, R.H., Ylitalo, J., Ahmed, A.S.: OpenID Authentication as a Service in openStack. In: 2011 7th International Conference on Information Assurance and Security (IAS), pp. 372–377. IEEE (2011)Google Scholar
  15. 15.
    Ristov, S., Gusev, M., Donevsky, A.: OpenStack Cloud Security Vulnerabilities From Inside and Outside. In: The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization, CLOUD COMPUTING 2013, pp. 101–107 (2013)Google Scholar
  16. 16.
    Donevski, A., Ristov, S., Gusev, M.: Security assessment of virtual machines in open source clouds. In: 2013 36th International Convention on Information & Communication Technology Electronics & Microelectronics (MIPRO), pp. 1094–1099. IEEE (2013)Google Scholar
  17. 17.
    TaheriMonfared, A., Jaatum, M.G.: As Strong As The Weakest Link: Handling Compromised Components in OpenStack. In: Proceedings of the Third IEEE International Conference on Cloud Computing Technology and Science, CloudCom (2011)Google Scholar
  18. 18.
    Buttner, A., Ziring, N.: Common Platform Enumeration (CPE) - Specification Version 2.2 (March 2009)Google Scholar
  19. 19.
  20. 20.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Doudou Fall
    • 1
  • Takeshi Okuda
    • 1
  • Youki Kadobayashi
    • 1
  • Suguru Yamaguchi
    • 1
  1. 1.Internet Engineering LaboratoryNara Institute of Science and TechnologyJapan

Personalised recommendations