Table of Contents
OpenStack Threat Modeling
Adrian Bettag
Adrian Bettag
|
Head of Security Research
June 16, 2025

Accurate OpenStack Threat Modeling is now Possible

Challenges of OpenStack Threat Modeling

Many organizations utilizing OpenStack face difficulties in accurately representing their cloud architectures within threat modeling tools. Current solutions often lack granular components specific to OpenStack, forcing users to rely on generic representations. This leads to:

  • High-level, abstract and generic threat models that miss critical vulnerabilities.
  • Generic threats and countermeasures that are not tailored to OpenStack environments.
  • Increased effort in customizing generic components, delaying threat modeling processes.

Ultimately, this hinders a thorough understanding and mitigation of security risks within OpenStack deployments.

Most Affected Industries

OpenStack and Open Infrastructure designs are used across multiple industries:

  1. Academic / Research / Government
  2. Cloud Hosting / MSP / Telco
  3. Film / Media / Gaming
  4. Finance / Insurance
  5. Healthcare
  6. Information Technology
  7. Manufacturing / Industrial
  8. Transportation
  9. Retail
  10. Web / SaaS / E-Commerce

IriusRisk Solution: Granular OpenStack Threat Modeling

IriusRisk now offers enhanced OpenStack components, providing users with the tools to build detailed and accurate threat models. These components represent the most used and popular OpenStack services and technologies, including adjacent services, and allow users to model designs at any level of abstraction.

Benefits and Value:

  • Accurate Threat Identification: Identify relevant and specific OpenStack threats and countermeasures.
  • Detailed Threat Models: Create threat models with granular components, reflecting the complexity of OpenStack designs.
  • Holistic Open Infrastructure Threat Models: Create accurate and detailed hybrid cloud, hyperscaler and open infrastructure threat models with this newly added and enhanced content.
  • Increased Efficiency: Reduce the time and effort required to model OpenStack environments.
  • Enhanced Security Posture: Gain a deeper understanding of potential vulnerabilities and strengthen security strategies.

There is  a solid foundation of existing hyperscaler components to create the widest range of possible designs:

  • 205 Amazon Web Services (AWS) Components
  • 176 Microsoft Azure Components
  • 65 Google Cloud Platform (GCP) Components
  • 50 Alibaba Cloud Components
  • 24 Oracle Cloud Infrastructure (OCI)
  • 15 Huawei Cloud Components

With the 40 new OpenStack components in IriusRisk, users can effectively manage and mitigate risks in their OpenStack deployments, ensuring a more secure and resilient infrastructure.

All OpenStack, Kubernetes, and Docker components available in IriusRisk as of v4.43 are listed below:

OpenStack:

  1. OpenStack Adjutant
  2. OpenStack Aurora
  3. OpenStack AWX
  4. OpenStack Barbican
  5. OpenStack Blazar
  6. OpenStack Ceph
  7. OpenStack Cinder
  8. OpenStack CloudKitty
  9. OpenStack Concourse
  10. OpenStack Cyborg
  11. OpenStack Designate
  12. OpenStack Glance
  13. OpenStack Heat
  14. OpenStack Horizon
  15. OpenStack Ironic
  16. OpenStack Karbor
  17. OpenStack Keppel
  18. OpenStack Keystone
  19. OpenStack Kuryr
  20. OpenStack Magnum
  21. OpenStack Manila
  22. OpenStack Masakari
  23. OpenStack Mistral
  24. OpenStack Monasca
  25. OpenStack Murano
  26. OpenStack Netbox
  27. OpenStack Neutron
  28. OpenStack Nova
  29. OpenStack Octavia
  30. OpenStack Placement
  31. OpenStack Sahara
  32. OpenStack Senlin
  33. OpenStack Solum
  34. OpenStack Storlets
  35. OpenStack Swift
  36. OpenStack Tacker
  37. OpenStack Trove
  38. OpenStack Vitrage
  39. OpenStack Watcher
  40. OpenStack Zaqar

Kubernetes/ K8s:

  1. Kubernetes External Services
  2. Kubernetes Cluster
  3. Kubernetes Control Plane
  4. Kubernetes Namespace
  5. Kubernetes Pod
  6. Kubernetes Secret
  7. Kubernetes worker node
  8. OpenShift Cluster
  9. Orchestration

Docker:

  1. Docker Client
  2. Docker Container
  3. Docker Linux Host
  4. Docker Registry

For further information, technical details and How Linux, OpenStack, and Kubernetes Combine to Deliver an Open Source Powered Infrastructure Stack. See your copy of the OpenStack One Pager here.

Logos of the European Union with text 'Funded by the European Union NextGenerationEU', the Spanish Government Ministry of Economic Affairs and Digital Transformation, red.es, and the Plan de Recuperación, Transformación y Resiliencia.

FAQs

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down
About the author...

Adrian Bettag

Head of Security Research
IriusRisk
Adrian Bettag is the Head of Security Research at IriusRisk, where he drives the analysis of emerging threats and the integration of next-generation security knowledge into the threat modeling platform. An experienced cybersecurity professional and a Security Architect, Adrian specializes in integrating Secure by Design practices across every stage of the SDLC (Software Development Lifecycle). He is dedicated to helping organizations automate proactive security and is an active mentor in the Threat Modeling Connect community, guiding participants on developing a security mindset.