Security Issues in OpenStack | Rostyslav Slipetskyy
| Abstract | Cloud computing is a relatively novel topic in Information Technology that attracts significant attention from the public and private sectors nowadays. Despite the amount of attention towards cloud computing , barriers to widespread adoption of it still exist, security being named the most important one. OpenStack is an open-source software for building private and public clouds, which was initially created by the source code contribution from NASA, the National Aeronautics and Space Administration of the USA, and Rackspace, a company providing web hosting and cloud computing services. At the moment the number of companies and organizations involved in the OpenStack project has grown to 76, which emphasizes the importance of studying OpenStack and researching how various security issues are handled in this software.
Since cloud computing is a novel and dynamic area which still evolves, there is no worldwide accepted specification for security assessment of cloud computing services. At the same time different organizations try to create their own guidelines for cloud security. We start our work with comparing available cloud security documents and create a list of issues found in all analyzed documents. Based on that list we later analyze two selected areas in OpenStack Object Storage: 1) Identity and access management and 2) Data management.
As a result of our analysis we achieve the following: 1) find a security vulnerability which allows administrators with lower permissions to obtain credentials of administrators with higher permissions; 2) report inadequately high permissions of one type of administrators which allows to read/delete all the files of all the users; 3) find a possibility to compromise isolation of files with subsequent overwrite of one file by another. Besides, we report poor password management procedures employed in available authentication systems and submit our proposals for implementing data location compliance and backup/recovery functionality in OpenStack Object Storage. | Type | Master's thesis [Academic thesis] | Year | 2011 | Publisher | Technical University of Denmark, DTU Informatics, E-mail: reception@imm.dtu.dk | Address | Asmussens Alle, Building 305, DK-2800 Kgs. Lyngby, Denmark | Series | IMM-M.Sc.-2011-51 | Note | Supervised by Prof. Danilo Gligoroski, Norwegian University of Science and Technology, and Associate Prof. Christian W. Probst, probst@imm.dtu.dk, DTU Informatics | Electronic version(s) | [pdf] | Publication link | http://www.imm.dtu.dk/English.aspx | BibTeX data | [bibtex] | IMM Group(s) | Computer Science & Engineering |
|