Laboratory for Internet and Innovative Technologies

The cloud paradigm opens a series of new security challenges for customers. The decision to migrate services from on-premise resources to public clouds relies on the security measures that the cloud service provider takes, but more important is the trust between the cloud service provider and the cloud customer. Another solution is to create a private cloud in which the customer is fully responsible for security challenges. In this paper we assess the security aspects of the OpenStack cloud software solution. Although OpenStack offers a very scalable and flexible platform for IaaS and takes many security measures, we still found non-compliance with several ISO 27001:2005 controls and control objectives that directly depend on the cloud software solution. We also evaluate and compare the compliance of other common open source cloud solutions that offer customers the possibility to build their own private clouds or even a hybrid cloud.


Sasko Ristov, Marjan Gusev, and Magdalena Kostoska


Cloud Architecture, Cloud Computing Security, ISO 27001:2005, Open source, OpenStack

Full Paper

The paper is published in Proceedings of the 7th Annual South East European Doctoral Student Conference, DSC 2012, Thessaloniki, Greece, (eds. K. Bratanis, D. Dranidis, P. Koktsidis, L. Lazouras, E. Nikolaidou), 2012, ISBN 978-960-9416-05-4