Abstract
New security challenges are raised because of cloud computing when contrasted with customary on-start as a result of its multi-occupant virtual condition on each cloud layer, namely Platform as a Service—PaaS, Infrastructure as a Service—IaaS, or Software as a Service—SaaS. Open clouds are utilizing restrictive cloud programming and security is generally kept up by issuing organizations. Security remains a concern for private clouds. Numerous components influence the cloud mis-configuration and integrity that could emerge on the grounds that security is kept up by an outsider. The target of this investigation is to inspect the territory of OpenStack cloud specifically. This will give a more noteworthy comprehension of in what way cloud computing capacities and any kinds of issues of security emerge in that. The investigation comprises three sections; in the primary section, the foundation of cloud computing and OpenStack is described. In the second section, OpenStack architecture is described. In the third section, known vulnerability exploitation and mitigation strategies are presented along with an assessment of various vulnerabilities in OpenStack is conducted utilizing top security scanners namely Metasploit and OpenVAS in an attempt to finding new vulnerabilities.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bharati, M., Tamane, S.: Defending against bruteforce attack using open source-SNORT. In: IEEE—International Conference on Inventive Computing and Informatics-2017 (2017). https://ieeexplore.ieee.org/document/8365267/. https://doi.org/10.1109/ICICI.2017.8365267
Bharati, M., Tamane, S.: Intrusion detection systems (IDS) & future challenges in cloud based environment. In: 2017 1st International Conference on Intelligent Systems and Information Management (ICISIM). https://ieeexplore.ieee.org/document/8122180. https://doi.org/10.1109/icisim.2017.8122180
OpenStack Pike: https://releases.openstack.org/pike/
Networking in OpenStack: Panoramic view: https://ilearnstack.com/tag/openstack/
Albaroodi, H., Manickam, S., Singh, P.: Critical review of open-stack security: issues and weeknesses. J. Comput. Sci. 10(1), 23–33 (2014) (National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, 11800, Penang, Malaysia)
The Heartbleed bug: http://heartbleed.com/, Openstack—manage IP addresses: https://docs.openstack.org/ocata/user-guide/cli-manage-ipaddresses.html
Installing Metasploit Pro, Ultimate, Express, and Community: https://metasploit.help.rapid7.com/docs
OpenVAS: http://www.openvas.org
Openstack firewalls and default ports: https://docs.openstack.org/newton/config-reference/firewalls-defaultports.html
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Bharati, M.P., Tamane, S.C. (2020). Security Vulnerabilities of OpenStack Cloud and Security Assessment Using Different Software Tools. In: Zhang, YD., Mandal, J., So-In, C., Thakur, N. (eds) Smart Trends in Computing and Communications. Smart Innovation, Systems and Technologies, vol 165. Springer, Singapore. https://doi.org/10.1007/978-981-15-0077-0_22
Download citation
DOI: https://doi.org/10.1007/978-981-15-0077-0_22
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0076-3
Online ISBN: 978-981-15-0077-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)