Security Vulnerability Assessment of OpenStack Cloud

Author

Ristov, Sasko ; Gusev, Marjan ; Donevski, Aleksandar

Author_Institution

Fac. of Comput. Sci. & Eng., Ss. Cyril & Methodius Univ., Skopje, Macedonia

fYear

2014

Firstpage

95

Lastpage

100

Abstract

Migrating the virtual machines from on-premise to cloud raises new security challenges for a company. A potential threat to the tenants are not only the Internet hackers, but also the cloud service provider and the other co-tenants, due to the multi-tenancy feature. The cloud service provider´s security is challenged by the tenants, as well. Deploying the open source cloud raises additional challenges since the intruders have access to the cloud source code and can assess its vulnerabilities. In this paper, we thoroughly assess the security vulnerabilities of OpenStack cloud framework, one of the most used open source cloud frameworks today. We assess the vulnerabilities of OpenStack server node, virtual machine instances and OpenStack´s Dashboard, the web management interface. The security assessment shows that OpenStack cloud has security vulnerabilities that need to be secured by developing the patch.

Keywords

cloud computing; public domain software; security of data; user interfaces; virtual machines; Internet hackers; OpenStack cloud framework; OpenStack dashboard; Web management interface; cloud service provider; cloud source code; multitenancy feature; open source cloud frameworks; security vulnerability assessment; server node; virtual machine instances; Cloud computing; ISO standards; Operating systems; Ports (Computers); Security; Servers; Virtual machining; Cloud; OpenStack; Security Assessment;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence, Communication Systems and Networks (CICSyN), 2014 Sixth International Conference on

Print_ISBN

978-1-4799-5075-1

Type

conf

DOI

10.1109/CICSyN.2014.32

Filename

7059151