Security Issues in OpenStack

Security Issues in OpenStack. Rostyslav Slipetskyy’s Master’s thesis. Submission date: June 2011. Presenter: 陳傑威. Agenda. Definition. OpenStack is an open source cloud operating system. (e.g. Salesforce). NIST (National Institute of Standards and Technology):

Presentation Transcript


  1. Security Issues in OpenStack. Rostyslav Slipetskyy’s Master’s thesis. Submission date: June 2011. Presenter: 陳傑威

  2. Agenda

  3. Definition: OpenStack is an open source cloud operating system. (e.g. Salesforce) NIST (National Institute of Standards and Technology): Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (e.g. Hadoop) (e.g. OpenStack)

  4. What is OpenStack Projects: + S3 EC2 (Eucalyptus)

  5. What is OpenStack (2): Research institutions, government agencies, financial institutions, pharmaceutical companies, e-commerce companies, media, …

  6. Security Issues in OpenStack (thesis) • Main Objective: Analyze how various security issues are handled in OpenStack

  7. Security Issues Identified: CSA (Cloud Security Alliance), ENISA (European Network and Information Security Agency), NIST (National Institute of Standards and Technology)

  8. Security Issues Identified (2)
     • 1. OpenStack Object Storage
     • 2. Security issues:
       • Identity and Access Management
       • Data Management

  9. OpenStack Installation: OpenStack Object Storage installed in a virtual environment

  10. Security Issues:
      • Identity and Access Management Security Issues
        • Identity Provisioning/Deprovisioning
        • Identity Federation
        • Authentication
        • Authorization and Access Control
      • Data Management Security Issues
        • Data Location
        • Isolation
        • Backup and Recovery
        • Deletion
        • Encryption and Key Management
        • Integrity Verification

  11. Identity Provisioning/Deprovisioning
      • Overview
      • 2 back-end systems:
        • Devauth: user data are stored in an SQLite database.
        • Swauth: user data are stored as files in Object Storage.
      • 4 roles:
        • User: has no permissions relative to user management.
        • Admin: can add users to an account where he is an administrator. In Swauth, can delete users from administered accounts.
        • Reseller Admin: has Admin permissions on all the accounts. Cannot add other Reseller Admins.
        • Super Admin: the most powerful user, who can perform all user management procedures, including adding Reseller Admins.

  12. Authentication: the authentication method of OpenStack Object Storage

  13. Authentication Systems: Devauth • User data (passwords, groups) are stored in an SQLite database

  14. Authentication Systems: Swauth • User data (passwords, groups) are stored as JSON-encoded data in text files in Object Storage

  15. Authentication: Security Token Generation
      • Session ID Analysis:
        1. Set token expiration time to 0 seconds.
        2. Obtain 10000 tokens generated for the same user.
        3. Analyze tokens with WebScarab to check patterns.
        4. Analyze generated tokens with Burp Sequencer tool.

  16. Authentication: Security Token Generation (2)

  17. Authentication: Portability of stored data • Devauth: not applicable • Swauth

  18. Data Management: data retrieval in OpenStack Object Storage

  19. Data Management (2)

  20. END!
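
The token analysis outlined in slide 15, as an added example that is not part of the original presentation or thesis: a Python check over a collected token sample that counts duplicates and computes per-position Shannon entropy to expose constant or low-variation character positions. The `AUTH_tk` prefix with 32 hex characters and both sample generators are constructed assumptions, not captured OpenStack tokens.

```python
import math
import secrets
from collections import Counter

def position_entropy(tokens):
    """Shannon entropy (bits) of the characters seen at each position."""
    n = len(tokens)
    result = []
    for column in zip(*tokens):
        counts = Counter(column)
        result.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return result

def analyze(tokens, low_bits=1.0):
    """Summarise a token sample: duplicates, length spread, weak positions."""
    lengths = {len(t) for t in tokens}
    if len(lengths) != 1:
        # Mixed lengths cannot be compared column by column; report and stop.
        return {"count": len(tokens), "lengths": sorted(lengths)}
    entropy = position_entropy(tokens)
    return {
        "count": len(tokens),
        "lengths": sorted(lengths),
        "duplicates": len(tokens) - len(set(tokens)),
        # Positions that barely change across the sample (fixed prefix, padding).
        "weak_positions": [i for i, h in enumerate(entropy) if h < low_bits],
        "total_bits": sum(entropy),
    }

# Constructed samples (assumed format: fixed prefix + 32 hex characters).
PREFIX = "AUTH_tk"

def random_tokens(n):
    return [PREFIX + secrets.token_hex(16) for _ in range(n)]

def counter_tokens(n):
    # Deliberately predictable generator for contrast: zero-padded counter.
    return [PREFIX + format(i, "032x") for i in range(n)]

if __name__ == "__main__":
    for name, sample in (("random", random_tokens(10000)),
                         ("counter", counter_tokens(10000))):
        r = analyze(sample)
        print(name, r["duplicates"], r["weak_positions"], round(r["total_bits"], 1))
```

High per-position entropy is necessary but not sufficient for unpredictable tokens: a generator with a recoverable internal state can pass this check, which is why the slide also lists dedicated sequencer tools.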
