The cloud computing paradigm entails a radical change in IT provisioning, which must be understood and correctly applied especially when security requirements are considered. Security requirements do not cover anymore just the application itself, but involve the whole cloud supply chain from the hosting infrastructure to the final applications. This scenario requires, on one side, new security mechanisms protecting the cloud against misbehaviors/malicious attacks and, on the other side, a continuous and adaptive assurance process evaluating the observed cloud security behavior against the expected one. In this paper, we focus on the evaluation of the security assurance of OpenStack, a major open source cloud infrastructure. We first define a security benchmark for OpenStack, inspired by Center for Internet Security (CIS) benchmark for cloud infrastructures. We then present a platform, called Moon Cloud, for cloud security assurance evaluation, showing an application of our benchmark and platform to the in-production OpenStack deployment of the University of Milan.
A Security Benchmark for OpenStack / M. Anisetti, C.A. Ardagna, E. Damiani, F. Gaudenzi, P. Tufarolo - In: Cloud Computing (CLOUD), 2017 IEEE 10th International Conference on[s.l] : IEEE, 2017. - ISBN 9781538619933. - pp. 294-301 (( Intervento presentato al 10. convegno CLOUD tenutosi a Honolulu nel 2017 [10.1109/CLOUD.2017.45].
A Security Benchmark for OpenStack
M. Anisetti;C.A. Ardagna;E. Damiani;F. Gaudenzi;
2017
Abstract
The cloud computing paradigm entails a radical change in IT provisioning, which must be understood and correctly applied especially when security requirements are considered. Security requirements do not cover anymore just the application itself, but involve the whole cloud supply chain from the hosting infrastructure to the final applications. This scenario requires, on one side, new security mechanisms protecting the cloud against misbehaviors/malicious attacks and, on the other side, a continuous and adaptive assurance process evaluating the observed cloud security behavior against the expected one. In this paper, we focus on the evaluation of the security assurance of OpenStack, a major open source cloud infrastructure. We first define a security benchmark for OpenStack, inspired by Center for Internet Security (CIS) benchmark for cloud infrastructures. We then present a platform, called Moon Cloud, for cloud security assurance evaluation, showing an application of our benchmark and platform to the in-production OpenStack deployment of the University of Milan.
| File | Dimensione | Formato | |
|---|---|---|---|
|
08030601.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
309.23 kB
Formato
Adobe PDF
|
309.23 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
