Title :
Security evaluation of open source clouds
Author :
Ristov, Sasko ; Gusev, Marjan
Author_Institution :
Fac. of Inf. Sci. & Comput. Eng., Ss. Cyril & Methodius Univ. Rugjer, Skopje, Macedonia
Abstract :
In this paper we analyze most common open source cloud architectures. We installed OpenStack, Eucalyptus, Open-Nebula, and CloudStack and evaluated the security aspects of their architecture and their compliance with security requirements defined by the ISO 27001:2005 standard which specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization´s overall business risks. Although the analyzed open source cloud solutions offer scalable and flexible platforms for IaaS and provide a lot of security measures, still our research results show security incompliance with several ISO 27001:2005 controls and control objectives that directly depend on cloud software solutions.
Keywords :
ISO standards; cloud computing; public domain software; risk analysis; security of data; CloudStack; Eucalyptus; ISO 27001:2005 standard; IaaS; Open-Nebula; OpenStack; business risks; cloud software solutions; documented information security management system; open source cloud architectures; security evaluation; security requirements; Cloud computing; Companies; Computer architecture; ISO standards; Security; Servers; Cloud Architecture; Cloud Computing Security; ISO 27001:2005; Open Source;
Conference_Titel :
EUROCON, 2013 IEEE
Conference_Location :
Zagreb
Print_ISBN :
978-1-4673-2230-0
DOI :
10.1109/EUROCON.2013.6624968
