An Analysis of OpenStack Vulnerabilities

Authors

Abstract

Cloud management frameworks provide an effective way to deploy and manage the hardware, storage and network resources for supporting critical cloud infrastructures. OpenStack is used in the context of business critical systems and frequently deals with highly sensitive resources, where a security breach may result in severe damage, including information theft or financial losses. Despite this, there is little information on how much security is a concern during design and implementation of OpenStack components. This work analyses 5 years of security reports on OpenStack and the corresponding patches, with the goal of characterizing the most frequent vulnerabilities, how they can be exploited, and their root causes. The goal is to identify vulnerability trends, characterize frequent threats, and shed some light on the overall security of OpenStack. Special focus is placed on the framework component for virtualization management (Nova), by also analyzing the code of the available patches. Overall results show a preponderance of vulnerabilities that may be exploited to cause DoS and expose sensitive information. Also, 2/3 of the total number of vulnerabilities can be exploited by insider attacks, urging administrators to focus protection efforts on them. Finally, many bugs remain undetected for long periods when most of them are easy to avoid or detect and correct.

Conference

13th European Dependable Computing Conference (EDCC), September 2017

DOI