On the Universally Composable Security of OpenStack
| dc.contributor.author | Hogan, Kyle | |
| dc.contributor.author | Maleki, Hoda | |
| dc.contributor.author | Rahaeimehr, Reza | |
| dc.contributor.author | Canetti, Ran | |
| dc.contributor.author | van Dijk, Marten | |
| dc.contributor.author | Hennessey, Jason | |
| dc.contributor.author | Varia, Mayank | |
| dc.contributor.author | Zhang, Haibin | |
| dc.date.accessioned | 2018-08-15T15:11:40Z | |
| dc.date.available | 2018-08-15T15:11:40Z | |
| dc.date.issued | 2018 | |
| dc.description.abstract | OpenStack is the prevalent open-source, non-proprietary package for managing cloud services and data centers. It is highly complex and consists of multiple inter-related components which are developed by separate, loosely coordinated groups. We initiate an effort to provide a rigorous and holistic security analysis of OpenStack. Our analysis has the following key features: -It is user-centric: It stresses the security guarantees given to users of the system, in terms of privacy, correctness, and timeliness of the services. -It provides defense in depth: It considers the security of OpenStack even when some of the components are compromised. This departs from the traditional design approach of OpenStack, which assumes that all services are fully trusted. -It is modular: It formulates security properties for individual components and uses them to assert security properties of the overall system. We base our modeling and security analysis in the universally composable (UC) security framework, which has been so far used mainly for analyzing security of cryptographic protocols. Indeed, demonstrating how the UC framework can be used to argue about security-sensitive systems which are mostly non-cryptographic in nature is another main contribution of this work. Our analysis covers only a number of core components of OpenStack. Still, it uncovers some basic and important security trade-offs in the design. It also naturally paves the way to a more comprehensive analysis of OpenStack. | en_US |
| dc.description.sponsorship | This work is supported by the National Science Foundation as part of the MACS Frontier project (bu.edu/macs) | en_US |
| dc.description.uri | https://eprint.iacr.org/2018/602 | en_US |
| dc.format.extent | 125 pages | en_US |
| dc.genre | technical report | en_US |
| dc.identifier | doi:10.13016/M2542JC3B | |
| dc.identifier.citation | Kyle Hogan, Hoda Maleki, Reza Rahaeimehr,Ran Canetti, Marten van Dijk, Jason Hennessey, Mayank Varia and Haibin Zhang. "On the Universally Composable Security of OpenStack." Cryptology ePrint Archive, Report 2018/602, 2018, https://eprint.iacr.org/2018/602. | en_US |
| dc.identifier.uri | http://hdl.handle.net/11603/11047 | |
| dc.language.iso | en_US | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please contact the author. | |
| dc.rights | Attribution 3.0 Unported (CC BY 3.0) | * |
| dc.rights.uri | https://creativecommons.org/licenses/by/3.0/ | * |
| dc.subject | Modular Security Analysis | en_US |
| dc.subject | Universal Composability | en_US |
| dc.subject | Cloud Security | en_US |
| dc.subject | OpenStack | en_US |
| dc.title | On the Universally Composable Security of OpenStack | en_US |
| dc.type | Text | en_US |
Files
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 1.68 KB
- Format:
- Item-specific license agreed upon to submission
- Description: