On the universally composable security of OpenStack

Kyle Hogan, Hoda Maleki, Reza Rahaeimehr, Ran Canetti, Marten Van Dijk, Jason Hennessey, Mayank Varia, Haibin Zhang

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

We initiate an effort to provide a rigorous, holistic and modular security analysis of OpenStack. OpenStack is the prevalent open-source, non-proprietary package for managing cloud services and data centers. It is highly complex and consists of multiple inter-related components which are developed by separate, loosely coordinated groups. All of these properties make the security analysis of OpenStack both a worthy mission and a challenging one. We base our modeling and security analysis in the universally composable (UC) security framework. This allows specifying and proving security in a modular way, a crucial feature when analyzing systems of such magnitude. Our analysis has the following key features: 1) It is user-centric: It stresses the security guarantees given to users of the system in terms of privacy, correctness, and timeliness of the services. 2) It considers the security of OpenStack even when some of the components are compromised. This departs from the traditional design approach of OpenStack, which assumes that all services are fully trusted. 3) It is modular: It formulates security properties for individual components and uses them to prove security properties of the overall system. Specifically, this work concentrates on the high-level structure of OpenStack, leaving the further formalization and more detailed analysis of specific OpenStack services to future work. Specifically, we formulate ideal functionalities that correspond to some of the core OpenStack modules, and then prove security of the overall OpenStack protocol given the ideal components. As demonstrated within, the main challenge in the high-level design is to provide adequately fine-grained scoping of permissions to access dynamically changing system resources. We demonstrate security issues with current mechanisms in case of failure of some components, propose alternative mechanisms, and rigorously prove adequacy of the new mechanisms within our modeling.

Original language: English (US)
Title of host publication: Proceedings - 2019 IEEE Secure Development, SecDev 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 20-33
Number of pages: 14
ISBN (Electronic): 9781538672891
DOIs: https://doi.org/10.1109/SecDev.2019.00015
State: Published - Sep 2019
Externally published: Yes
Event: 2019 IEEE Secure Development, SecDev 2019 - McLean, United States
Duration: Sep 25 2019 to Sep 27 2019

Publication series

Name: Proceedings - 2019 IEEE Secure Development, SecDev 2019

Conference

Conference: 2019 IEEE Secure Development, SecDev 2019
Country: United States
City: McLean
Period: 9/25/19 to 9/27/19

Keywords

  • Cloud Security
  • Modular Security Analysis
  • OpenStack
  • Universal Composability

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Hogan, K., Maleki, H., Rahaeimehr, R., Canetti, R., Van Dijk, M., Hennessey, J., ... Zhang, H. (2019). On the universally composable security of OpenStack. In Proceedings - 2019 IEEE Secure Development, SecDev 2019 (pp. 20-33). [8901675] (Proceedings - 2019 IEEE Secure Development, SecDev 2019). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SecDev.2019.00015
