OpenStack hacking session was arranged at F-Secure. Participants tried to find vulnerabilities which were documented. If the bug was relevant to OpenStack, it was reported on Launchpad.
Industry and research participants attempted attacks on different interfaces used by Openstack in a configuration that mimics a potential production configuration. A number of small issues were found, including an unsafe configuration that could enable attackers to intercept traffic intended for other virtual machines.
The session also confirmed that the vulnerabilities found in previous versions were no longer an issue in newer versions. The findings have already been taken into account in the planning stages of the coming systems. The format of the session was very effective, and confirmed both that the planned production environment is safe from a number of types of attacks, as well as the need for periodic evaluations in to ensure theory and documentation meet real-life practice.
Presentation on Folson testbed setup by CSC – IT center for Science:
Cloud Software Finland is a four year (2010-2014) Tivit-program, which focuses on developing the different areas of cloud services. The program is funded by Tekes.