Thursday, April 19 • 4:40pm - 5:20pm
A Security Analysis of the OpenStack Infrastructure (Seacliff AB)


We perform an analysis of the OpenStack infrastructure from which we are able to derive a complete strategy for defence-in-depth. We will present a concise system description which explicitly enumerates the assumptions and vulnerabilities present in real systems, and allows us to put each potential defensive measure into context within the architecture of OpenStack. 

Our analysis models the way an attacker works within the system, finding chains of weaknesses which lead to a desired goal. Once we can understand and exhibit the consequences of the compromise of any individual component, we may then concentrate our hardening efforts without cognitive bias or naive assumption.

The analysis is interesting because it goes some way towards explaining the "Honeymoon Period" for discovery of system vulnerability (Blaze, Clark et al.), and can increase the time between successful exploits by acknowledging that an attack is a constructive proof of vulnerability which must be broken in as many places as possible.


Paul McMillan

Paul McMillan has been interested in security from an early age when he realized that it was a lot more fun to hack games than play them (even when the hacking took far more effort). While he doesn't play many games anymore, he has found network and web application security to be...

Shevek


Shevek is an expert programmer who has worked on cutting edge research in systems and security, compilers and language design, algorithms and optimization. He is capable of maintaining a very straight face under questioning on topics including "Why is our printer playing 'happy birthday...

Thursday April 19, 2012 4:40pm - 5:20pm PDT
Seacliff AB Bayview Level, Hyatt Regency Hotel
