Show simple item record

dc.contributor.authorHogan, Kyleen_US
dc.contributor.authorMaleki, Hodaen_US
dc.contributor.authorRahaeimehr, Rezaen_US
dc.contributor.authorCanetti, Ranen_US
dc.contributor.authorDijk, Marten vanen_US
dc.contributor.authorHennessey, Jasonen_US
dc.contributor.authorVaria, Mayanken_US
dc.contributor.authorZhang, Haibinen_US
dc.date.accessioned2020-05-08T19:13:21Z
dc.date.available2020-05-08T19:13:21Z
dc.date.issued2019
dc.identifierhttps://ieeexplore.ieee.org/xpl/conhome/8894011/proceeding
dc.identifier.citationKyle Hogan, Hoda Maleki, Reza Rahaeimehr, Ran Canetti, Marten van Dijk, Jason Hennessey, Mayank Varia, Haibin Zhang. 2019. "On the Universally Composable Security of OpenStack." 2019 IEEE Cybersecurity Development (SecDev). https://doi.org/10.1109/SecDev.2019.00015
dc.identifier.urihttps://hdl.handle.net/2144/40719
dc.description.abstractWe initiate an effort to demonstrate how we can provide a rigorous, perceptible and holistic security analysis of a very large scale system. We choose OpenStack to exemplify our approach. OpenStack is the prevalent open-source, non-proprietary package for managing cloud services and data centers. It is highly complex and consists of multiple inter-related components which are developed by separate, loosely coordinated groups. All of these properties make the security analysis of OpenStack both a crucial mission and a challenging one. We base our modeling and security analysis in the universally composable (UC) security framework, which has been so far used mainly for analyzing security of cryptographic protocols. Indeed, demonstrating how the UC framework can be used to argue about security-sensitive systems which are mostly non-cryptographic, in nature, is one of the main contributions of this work. Our analysis has the following key features: 1. It is user-centric: It stresses the security guarantees given to users of the system, in terms of privacy, correctness, and timeliness of the services. 2. It provides defense in depth: It considers the security of OpenStack even when some of the components are compromised. This departs from the traditional design approach of OpenStack, which assumes that all services are fully trusted. 3. It is modular: It formulates security properties for individual components and uses them to assert security properties of the overall system. 4. It is extendable: Due to the scale of OpenStack, we limit the analysis to some core services of OpenStack at a high level. The analysis is extendable to more detail of the services, and other services can be added to the model using the same methodology, without much conceptual di culty. Because of the modularity of the analysis, new services can be added one by one, almost independently of each other. Although our analysis covers only a number of core components of OpenStack, it formulates some basic and important security trade o s in the design. It also naturally paves the way to a more comprehensive analysis of OpenStack. In addition, as a by-product result of our modeling, we introduce a novel tokening mechanism, RAFT, which is backward compatible with Fernet Token currently used in OpenStack. By applying the UC framework, we prove that RAFT's one-time use tokens can realize a more secure OpenStack cloud than bearer tokens do.en_US
dc.format.extentp. 20 - 33en_US
dc.language.isoen_US
dc.publisherIEEEen_US
dc.relation.ispartofSecDev
dc.subjectModular security analysisen_US
dc.subjectUniversal composabilityen_US
dc.subjectCloud securityen_US
dc.subjectOpenStacken_US
dc.titleOn the universally composable security of OpenStacken_US
dc.typeConference materialsen_US
dc.description.versionFirst author draften_US
dc.identifier.doi10.1109/SecDev.2019.00015
pubs.elements-sourcedblpen_US
pubs.notesEmbargo: No embargoen_US
pubs.organisational-groupBoston Universityen_US
pubs.organisational-groupBoston University, College of Arts & Sciencesen_US
pubs.organisational-groupBoston University, College of Arts & Sciences, Department of Computer Scienceen_US
dc.identifier.mycv502236


This item appears in the following Collection(s)

Show simple item record