Research Of OpenStack Security Assessment Schemes Based On Configuration Verification And Vulnerability Tree

Posted on: 2021-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Zhou
GTID: 2518306308467504
Subject: Cyberspace security

Abstract/Summary:
With the development of cloud computing, OpenStack, as a leader in cloud computing, has been closely followed and used by various industries. As a result, the security challenges of OpenStack have also increased. Some scholars focus on scanning for OpenStack vulnerabilities, but pay less attention to configuration verification, and have not studied in depth the greater system harm caused by the interconnection of OpenStack components. This thesis studies security assessment schemes for OpenStack. Starting from the security configuration and fully considering the complexity of the interconnection of OpenStack components, it uses configuration assessment and a vulnerability tree to automatically generate a security assessment of OpenStack. The specific results are:

1. An automatic vulnerability prediction scheme for configuration violations, based on configuration verification and a vulnerability database, is proposed. The scheme analyzes the security configuration list and the vulnerability database, extracts keywords based on the characteristics of the configuration items, and performs fuzzy keyword matching against the vulnerability database, so as to automatically predict the vulnerabilities that security configuration violations can easily cause. Verification shows that the scheme is highly effective and efficient in execution, and that it can make effective vulnerability predictions for configuration violations.

2. An OpenStack security evaluation scheme based on a vulnerability tree is proposed. The scheme improves the existing OpenStack vulnerability tree structure. Taking the vulnerability database information and the vulnerability tree structure as input, and following the principle of the fault tree, it extends the existing vulnerability tree at the bottom events and uses computer-aided generation technology to generate the vulnerability tree automatically. Qualitative and quantitative analysis are then carried out on the tree. The scheme overcomes the difficulty that the existing vulnerability tree cannot support instance analysis, and realizes the analysis of the OpenStack vulnerability tree.

3. Based on the specific results of this thesis, a system for the security assessment of OpenStack is designed. The system reads the list of security configurations and, by crawling and analyzing vulnerability databases, automatically predicts the vulnerabilities easily caused by configuration violations. It also reads the OpenStack vulnerability tree structure, analyzes the configuration list and the vulnerabilities, automatically expands the vulnerability tree, and completes the qualitative and quantitative analysis.
Keywords/Search Tags:Configuration verification, Vulnerable tree, OpenStack, Fault tree