| OpenStack,the most widely used open source platform for cloud computing,is facing more security challenges than ever before.As OpenStack’s reliable functionality comes from its many components,the execution logic of the components and API calls pose a greater threat to its security.In order to conduct a comprehensive enough analysis of OpenStack security issues,this paper provides an exhaustive analysis and study of the causes of historical vulnerabilities,the functions of the components involved,and the corresponding patches of OpenStack in the past 10 years.It is found that the vulnerabilities generated by OpenStack in recent years have gradually developed in the direction of complicated mechanisms and federated functions.The current vulnerability detection tools that can be applied to OpenStack not only have a high false alarm rate but also cannot fully cover the functional audit requirements of the cloud computing platform.Based on the above problems,this paper proposes an OpenStack vulnerability analysis method based on sequence analysis,which improves taint analysis based on path-awareness to optimize the impact of taint analysis paths on program analysis,and uses QL-mode source code analysis with key runtime information of OpenStack to perform exhaustive security analysis of component execution logic and API call sequences to OpenStack for more fine-grained vulnerability mining efforts.Based on the research results of this paper,the OpenStack vulnerability detection platform TAS A was designed and implemented,featuring high source code and functional coverage,combination of source code and runtime analysis,and superior detection efficiency and mining depth.TASA detected several OpenStack vulnerabilities in actual detection tasks,and the platform proved to have strong vulnerability detection capability in cross-sectional comparison. |
PDF Full Text Request