Toward Security and Performance Certification of OpenStack

Cloud users and service providers are increasingly concerned about the management of their data and the behavior of the applications they use/own once stored/deployed in the cloud. They therefore ask for enhanced assurance solutions, which partially mitigate the new risks and threats they are facing. Among existing solutions, certification has been widely adopted as a preferable approach to increase trust in the cloud. In this paper, after briefly discussing our test-based certification scheme for the cloud, we show a real certification process aimed to certify OpenStack, an open source IaaS solution for managing infrastructure resources. In particular, we first describe the testing activities executed to certify OpenStack for security and performance properties. We then illustrate the obtained results and the outcomes of the certification process.