Universal Composability Analysis of OpenStack
Reza Rahaeimehr‡, Hoda Maleki‡
A joint work with:
Ran Canetti†, Marten van Dijk‡, Jason Hennessey†, Kyle Hogan†, Mayank Varia†, and Haibin Zhang‡
Outlines
 Introduction
 Cloud Computing
 OpenStack
 Universal Composability(UC)
 Why UC?
 Security Analysis Approach
 Conclusion
2
Cloud Computing
Cloud Platform
3
Cloud Security Issues
 Cloud Platform
 Huge software
 Many bugs
 Cloud serves several different applications
 Isolation
 Shared underling hardware
 Bugs
 Cloud serves many people
 Attackers, Hackers
 Privacy, Confidentiality
4
OpenStack Security Issues
 Cloud issues
• Widely Used
• Attractive for attackers
• Deployment model
• Infrastructure as a Service (IaaS)
 Community based development Model
 Difficulty of security analysis
 Lack of clear security model
 Not well defined APIs
 Lots of plug ins
5
Solution?
Universal Composability
6
Universal Composability
 General-purpose model for security analysis of protocols
 Perfect for modular systems
 Common understanding and common language
 Introduced by Ran Canetti in 2000
7
Universal Composability-Overview
 Secure protocols remain secure
 Security proof based on emulation
 A protocol emulates another one,
 if no environment (observer) can distinguish the executions
 P1 ≈ P2
8
Universally Composable Security Analysis of OpenStack
Goals
 Better understanding of OpenStack’s security
guarantees (for OpenStack Users/Customers)
 Assist in identifying highest-impact security
improvements (for OpenStack Developers)
 Formal definition of OpenStack security-related
functionality (for Cryptographers)
 Study the security interfaces between
components which has not been studied well
Steps
• Define Functionality of Ideal Cloud
• Define Functionality of Ideal Components
• Show that Components realize the Ideal Cloud
Functionality
• Propose OpenStack Modifications to realize the
Functionalities
• Propose Component Implementations that
realize the Functionalities
9
Ideal World
Ideal OpenStack
 Accurate
 No time
Ideal Functionalities:






Create Node
Delete Node
Upload Image
Delete Image
Create Volume
…
10
Cataloging Control Flow Between Components
11
Security Analysis
12
Security Analysis
≈
Simulator
13
Next Steps
Ideal World
≈
Hybrid
World 1
≈
Hybrid
World 2
…
Hybrid
World n
≈
Real World
14
Security Analysis
≈
≈
Simulator
15
Conclusion
 OpenStack security must be analyzed
 UC
 Better understanding of cloud security model
 Bolds security bottlenecks and concerns
 Needs Time and Expertise
16
Picture References
 http://sthelenslscb.org.uk
 http://www.dell.com
 https://www.openstack.org
17
Contact Info
 Reza Rahaeimehr, [email protected]
 Mayank Varia, [email protected]
18
Thanks!
19