OpenStack Cloud Security Vulnerabilities from Inside and Outside

As the usage of cloud computing increases, customers are mainly concerned about choosing a cloud infrastructure with sufficient security. Concerns are greater in the multi-tenant environment of a public cloud. This paper addresses the security assessment of the OpenStack open source cloud solution and of virtual machine instances with different operating systems hosted in the cloud. The methodology and the experiments performed target vulnerabilities from both inside and outside the cloud. We tested four different platforms and analyzed the security assessment results. The main conclusions of the experiments are that a multi-tenant environment raises new security challenges, that there are more vulnerabilities from inside than from outside, and that the Linux-based Ubuntu, CentOS and Fedora are less vulnerable than Windows. We discuss details of these vulnerabilities and show how they can be resolved with appropriate patches and other solutions.

Keywords: Cloud Computing; Security Assessment; Virtualization.
