Towards a Vulnerability Tree Security Evaluation of OpenStack’s Logical Architecture

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8564)

Abstract

Cloud computing’s rapid development has favored the emergence of many other technologies like OpenStack, which is the most popular open-source cloud management software. OpenStack has received a lot of praise lately thanks to its ease of use and its vibrant community, but it has also started garnering attention in the National Vulnerability Database. Furthermore, OpenStack has a logical architecture in which the degree of interconnectedness within and between the components is a source of many security concerns. To prevent the damage that can be caused by the combination of these security issues, we proposed a vulnerability tree security analysis of OpenStack’s logical architecture that allowed us to generate ready-to-use vulnerability trees of the major services or components of the architecture. We also suggested an amendment of OpenStack’s vulnerability naming, because the current naming does not cope well with our proposal.



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Fall, D., Okuda, T., Kadobayashi, Y., Yamaguchi, S. (2014). Towards a Vulnerability Tree Security Evaluation of OpenStack’s Logical Architecture. In: Holz, T., Ioannidis, S. (eds) Trust and Trustworthy Computing. Trust 2014. Lecture Notes in Computer Science, vol 8564. Springer, Cham. https://doi.org/10.1007/978-3-319-08593-7_9

  • DOI: https://doi.org/10.1007/978-3-319-08593-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08592-0

  • Online ISBN: 978-3-319-08593-7

  • eBook Packages: Computer Science (R0)
