Laboratory for Internet and Innovative Technologies

In this paper we analyze most common open source cloud architectures. We installed OpenStack, Eucalyptus, Open-Nebula, and CloudStack and evaluated the security aspects of their architecture and their compliance with security requirements defined by the ISO 27001:2005 standard which specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks. Although the analyzed open source cloud solutions offer scalable and flexible platforms for IaaS and provide a lot of security measures, still our research results show security incompliance with several ISO 27001:2005 controls and control objectives that directly depend on cloud software solutions.


Sasko Ristov, and Marjan Gusev


Cloud Architecture, Cloud Computing Security, ISO 27001:2005, Open Source

Full Paper

The paper is published in EUROCON 2013, Proceedings of the 8th Int. Conference on computer as a tool, Zagreb, Croatia, IEEE, ISBN: 978-1-4673-2231-7, 2013