
ENHANCING VIRTUAL MACHINE SECURITY IN

OPENSTACK USING SURICATA BASED INTRUSION

DETECTION AND PREVENTION SYSTEM

NOR ASHILA BINTI MOHD RASHID

BACHELOR OF COMPUTER SCIENCE

(COMPUTER NETWORK SECURITY) WITH HONOURS

UNIVERSITI SULTAN ZAINAL ABIDIN

2019


ENHANCING VIRTUAL MACHINE SECURITY IN OPENSTACK USING

SURICATA BASED INTRUSION DETECTION AND PREVENTION SYSTEM

NOR ASHILA BINTI MOHD RASHID

BACHELOR OF COMPUTER SCIENCE

(COMPUTER NETWORK SECURITY) WITH HONOURS

FACULTY OF INFORMATICS AND COMPUTING

UNIVERSITI SULTAN ZAINAL ABIDIN

2019

DECLARATION

I hereby declare that this report is based on my original work except for quotations and citations, which have been duly acknowledged. I also declare that it has not been previously or concurrently submitted for any other degree at Universiti Sultan Zainal Abidin or other institutions.

_____________________________________
Name: Nor Ashila Binti Mohd Rashid
Date: …………………………………………

CONFIRMATION

This is to confirm that the research conducted and the writing of this report were under my supervision.

_____________________________________
Name: Dr. Wan Nor Shuhadah Binti Wan Nik
Date: ……………………………………….

DEDICATION

First and foremost, praise be to Allah, the Most Merciful, for giving me the blessing and opportunity to undertake the final year project, Enhancing Virtual Machine Security in OpenStack using Suricata based Intrusion Detection and Prevention System.

Second, I would like to express my gratitude to my caring supervisor, Dr. Wan Nor Shuhadah Binti Wan Nik, for her full support, expert guidance, kindness and ideas towards the research of this project, and for giving me this meaningful experience. Next, I would like to express my appreciation to my panels, Dr. Ahmad Faisal Amri Bin Abidin@Bharun and Dr. Nor Aida Binti Mahiddin, for their thoughtful questions and comments regarding my final year project.

Other than that, I would like to thank my beloved family, especially my mother and my father, Norhayati Binti Abd. Ghani and Mohd Rashid bin Ibrahim, for their unconditional love, encouragement and support, whether financial, physical or mental, during this project. Besides, thanks to all my friends, especially my OpenStack members, for their motivation, enthusiasm and knowledge toward this project.

Last but not least, I would also like to thank all staff of the Faculty of Informatics and Computing for helping me directly or indirectly, as well as giving me this opportunity to explore more about my project.

ABSTRACT

As the usage of cloud computing rises, companies and developers are mainly concerned about choosing cloud infrastructure with satisfactory security. This thesis addresses the issue of enhancing the security of virtual machines, or instances, on the OpenStack platform, since this environment raises new security challenges. In this project, a Suricata-based Intrusion Detection and Prevention System is proposed to enhance virtual machine security by detecting and preventing malicious activities. When suspicious events occur, Suricata is capable of monitoring network traffic, alerting the administrator and blocking the packet. Hence, virtual machines in cloud computing can be secured.

ABSTRAK (Malay abstract, translated to English)

Because the use of cloud computing is growing, many companies and developers choose cloud computing infrastructure that offers satisfactory security. The focus of this project is to enhance the security of virtual machines on the open-source platform OpenStack, because this environment raises many new challenges related to security issues. In this project, the Suricata intrusion detection and prevention system is proposed to enhance virtual machine security by detecting and preventing any malicious activity. When any suspicious event occurs, Suricata is able to monitor network traffic, provide alerts to the administrator and filter packets in the computer network. Therefore, the security of virtual machines in cloud computing can be enhanced and protected.

CONTENTS

Page

DECLARATION i
CONFIRMATION ii
DEDICATION iii
ABSTRACT iv
ABSTRAK v
CONTENTS vi
LIST OF TABLES xi
LIST OF FIGURES xii
LIST OF ABBREVIATIONS xv
LIST OF APPENDICES xvi

CHAPTER I INTRODUCTION
1.1 Background Project 1
1.2 Problem Statement 2
1.3 Objectives 3
1.4 Scope 3
1.5 Limitations 4
1.6 Expected Result 4

CHAPTER II LITERATURE REVIEW
2.1 Introduction 5
2.2 Cloud Computing 5
2.3 OpenStack 6
2.4 Virtual Machine in Cloud Computing 7
2.4.1 Virtual Machine in Cloud Computing Research Paper 8
2.5 Intrusion Detection and Prevention System 11
2.5.1 Intrusion Detection and Prevention System Research Paper 12
2.6 Conclusion 13

CHAPTER III METHODOLOGY
3.1 Introduction 14
3.2 Flowchart 15
3.2.1 Installation of Oracle VirtualBox 16
3.2.2 Installation and Configuration of CentOS 7 in the VirtualBox 16
3.2.3 Installation and Configuration of OpenStack on CentOS 7 17
3.2.4 Launch Virtual Machine in OpenStack 17
3.2.5 Installation and Integration of Suricata IDPS with OpenStack 19
3.3 Requirement Analysis 20
3.3.1 Software Requirements 20
3.3.2 Hardware Requirements 21
3.4 System Design 21
3.4.1 Architecture of the Project 22
3.4.2 Proof of Concept 25
3.5 Summary 27

CHAPTER IV IMPLEMENTATION
4.1 Introduction 28
4.2 Project Interfaces 27
4.2.1 Configuring OpenStack 27
4.2.1.1 Allocation of Floating IP to OpenStack 29
4.2.1.2 Creating Security Group 31
4.2.1.3 Managing Security Group Rules 32
4.2.1.4 Creating Key Pairs 34
4.2.1.5 Creating a Router for OpenStack 35
4.2.1.6 Creating Internal Network in OpenStack 36
4.2.1.7 Add Internal Network (Interface) to Router 37
4.2.1.8 Creating OpenStack Images for Instances 38
4.2.1.9 Creating a New Instance 40
4.2.2 Install and Configure Suricata based Intrusion Detection and Prevention System 44
4.3 Testing and Result 50

CHAPTER V CONCLUSION
5.1 Introduction 52
5.2 Project Contribution 52
5.3 Project Constraints and Limitation 53
5.4 Future Works 53
5.5 Summary 53

REFERENCES 55
APPENDIX 58

LIST OF TABLES

TABLE TITLE PAGE
2.1 Virtual machine in Cloud Computing Research Paper 9

LIST OF FIGURES

FIGURE TITLE PAGE
3.0 Flowchart of Enhancing Virtual Machine Security in OpenStack by Using Suricata Intrusion Detection and Prevention System 15
3.1 A framework of installation and configuration of OpenStack 16
3.2 A framework of a process on creating instance in OpenStack 19
3.3 A framework of Network Topology 18
3.4 Architecture of OpenStack 22
3.5 A flowchart of processes involved in Neutron 23
3.6 An architecture of Suricata IDPS 24
3.7 Configuration of CentOS 7 25
3.8 Configuration of CentOS 7 with PuTTY 26
3.9 Installation components of OpenStack 26
4.0 Overview of the OpenStack dashboard 29
4.1 Allocation of a floating IP to a project 30
4.2 Allocating a floating IP to the external pool 30
4.3 Successfully adding Floating IP 31
4.4 Overview of security group 31
4.5 An interface to create the security group 32
4.6 Overview of managing security group rules 32
4.7 An interface to add SSH rule 33
4.8 An interface to add HTTP rule 33
4.9 An overview of key pairs 34
4.10 An interface to create Key Pair 34
4.11 Create a router for OpenStack 35
4.12 Overview of routers 35
4.13 Create a network 36
4.14 Create a subnet 36
4.15 An overview of networks 37
4.16 Add interface 38
4.17 The list of images 38
4.18 Overview of Images 39
4.19 Add OpenStack Image details 39
4.20 Add hostname to OpenStack Instance 40
4.21 OpenStack Instance Boot Source and CentOS 7 text image 40
4.22 Add resources to OpenStack Instance 41
4.23 Add network to OpenStack Instance 41
4.24 Add security group to the instance 42
4.25 Add keypair to the instance 42
4.26 Configuration Scripts 43
4.27 Overview of instances 43
4.28 Instance console 44
4.29 Network topology 44
4.30 Install iptables services 45
4.31 Successfully install iptables services 45
4.32 Install Suricata from source 46
4.33 Installation of Oinkmaster Rule Manager 48
4.34 Start the Suricata 49
4.35 The components used to run Suricata 50

LIST OF ABBREVIATIONS

VM Virtual Machine
CPU Central processing unit
IaaS Infrastructure-as-a-Service
PaaS Platform-as-a-Service
SaaS Software-as-a-Service
VNF Virtual network function
DNS Domain Name Server
IDS Intrusion Detection System
IPS Intrusion Prevention System
IDPS Intrusion Detection & Prevention System

LIST OF APPENDICES

APPENDIX TITLE PAGE
A Gantt Chart FYP 1 58
B Gantt Chart FYP 2 59

CHAPTER I

INTRODUCTION

1.1 Background Project

Cloud computing relies heavily on virtualization. Cloud computing services can be private, public or hybrid. In a private cloud, an enterprise uses a proprietary architecture and runs cloud servers within its own data centre; examples of top vendors for building private clouds are VMware, Red Hat and OpenStack. In a public cloud, a third-party provider makes compute resources available to the public over the internet, so enterprises do not have to set up and maintain their own cloud servers in house; examples are AWS, Microsoft Azure and Google Cloud Platform. A hybrid cloud is a combination of two or more clouds (public and private). NIST divides cloud computing services into three categories, namely Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS).

This project uses OpenStack as the cloud computing platform. OpenStack is a cloud operating system consisting of a set of open-source software tools that allow users to create either public or private clouds. OpenStack is mostly deployed as Infrastructure-as-a-Service (IaaS), and many companies and developers use it as their cloud platform. OpenStack began as a joint project of Rackspace Hosting and NASA in 2010 and has been managed by the OpenStack Foundation since 2016.

This project concerns security issues in the cloud computing environment, and in particular focuses on improving the security of VMs, one of the most important issues to be addressed. To improve virtual machine security, this project proposes Suricata as the Intrusion Detection System/Intrusion Prevention System platform. The Suricata-based Intrusion Detection and Prevention System is an open-source, fast, mature and robust network threat detection and prevention engine. Suricata performs network intrusion analysis: it monitors network traffic and alerts the system administrator when suspicious events occur.

1.2 Problem Statement

Nowadays, many companies and developers use cloud computing platforms to run their businesses, and OpenStack is one of the best-known. As the usage of cloud computing increases, customers are mainly concerned about choosing cloud infrastructure with sufficient security. Concerns are greater for virtual machine environments on a public cloud, which raise new security challenges. It is easier for a hacker to obtain information or data because the cloud computing platform uses static IP addresses, and the hacker can use many tools and techniques to attack the virtual machine when no strong security component is implemented in the cloud. Thus, even a properly configured firewall and continually updated antimalware do not guarantee the protection of virtual machine instances in the cloud.

1.3 Objectives

The objectives of this project are:

1) To propose a framework to secure virtual machines in the cloud computing environment using Suricata IDPS.
2) To configure the proposed framework on the OpenStack cloud platform.
3) To test and integrate the OpenStack cloud platform with the Suricata-based Intrusion Detection and Prevention System.

1.4 Scope

The scope of this project is as follows:

1) This project configures one of the cloud computing platforms, OpenStack, or any platform whose functions are similar to OpenStack.
2) The proposed framework targets one of the Intrusion Detection System/Intrusion Prevention System platforms, Suricata, or any platform whose functionality or rules are similar to Suricata.
3) The project integrates the Suricata-based Intrusion Prevention System into the OpenStack cloud platform.

1.5 Limitations

Some technical challenges of this project are as follows:

1) There were no references for a similar project among seniors' theses at the Faculty of Informatics and Computing.
2) More time than planned was spent on the installation process, and the OpenStack cloud platform was complicated to configure.
3) It will be difficult to detect attacks if the black hat communities use an intelligent attack.

1.6 Expected Result

Based on the objectives, the expected results are:

1) Improved virtual machine security by using the Suricata-based Intrusion Prevention System.
2) A secure virtual machine on the OpenStack cloud platform.
3) Both detection and prevention of any malicious activities in the cloud system.

CHAPTER II

LITERATURE REVIEW

2.1 Introduction

This chapter discusses previous work on cloud computing and the Suricata Intrusion Detection and Prevention System. The discussion gives a better understanding of what cloud computing and the Suricata Intrusion Detection and Prevention System are and how they work.

2.2 Cloud Computing

Cloud computing is the on-demand delivery of computing power, applications, database storage and other IT resources through a cloud services platform over the internet with pay-as-you-go pricing. Rather than owning their own computing infrastructure or data centre, customers pay only when they consume computing resources and only for that consumption. Cloud computing enables developers to consume computer resources such as storage, virtual machines (VMs) or applications (Rouse, 2017). 451 Research predicts that around one out of three of enterprise IT spending will be on hosting and cloud services this year, "indicating a growing reliance on an external source of management, infrastructure, application, and security services". Analyst Gartner estimates that half of the global enterprises using the cloud now will have gone all-in on it by 2021 (Ranger, 2018).

Aleksandar Donevski (2012) stated that cloud computing raises new security challenges compared to traditional on-premise computing due to its multi-tenant virtual environment at each cloud service layer: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) or Software-as-a-Service (SaaS). They found that, although the tenants are isolated, they share the hardware resources, virtual machines, the same database or even the same table. They therefore proposed using the two most common security vulnerability scanners to secure the tenants, and they will continue the security assessments with other vulnerability scanners to help customers select the best scanner utility for detection on cloud platforms.

2.3 OpenStack

OpenStack falls into the last of these categories, Infrastructure-as-a-Service (IaaS). OpenStack lets the user install virtual machines and other instances that handle different tasks for managing a cloud environment on the fly. OpenStack has a few main components, namely Horizon, Nova, Neutron, Keystone and Glance, which form the core of OpenStack. Hala Albaroodi and colleagues found several flaws in OpenStack (Hala Albaroodi, 2014); they claimed that certain parts of OpenStack are considered secure while others need to be improved.

In the research paper by Dr. Urmila R. Pol, OpenStack is described as an especially scalable open-source cloud operating system, produced by a global alliance of developers and cloud computing technologists as the ubiquitous open-source cloud computing platform for public and private clouds. OpenStack provides a series of interrelated projects delivering various components for a cloud infrastructure solution, and it controls large pools of storage, compute and networking resources throughout a datacentre, all managed through a Dashboard (Horizon) that gives administrators control while empowering their users to provision resources through a web interface (Pol, 2014). The paper presents an overview of open-source cloud computing platforms such as OpenStack, Eucalyptus, CloudStack and OpenNebula, the layered model of cloud computing, the components of OpenStack and the architecture of OpenStack. This paper was important to the project because it mainly shows the importance of OpenStack as a cloud provider and its installation.

2.4 Virtual Machine in Cloud Computing

Cloud computing is in need of more secure solutions to gain customers' trust in the cloud hosts and to let them verify their own VMs' data security (Xichun Yue, 2016). As indispensable and significant components, the security of virtual machines has also attracted the attention of many researchers. Absalom E. Ezugwu found that the virtual machine allocation problem is one of the challenges.

In their paper, Mudassar Aslam, Cristian Gehrmann, et al. consider the Infrastructure-as-a-Service (IaaS) cloud model, which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches to cloud leasing is that users can only get contractual guarantees regarding the integrity of the offered platforms (Aslam, 2012). In the paper, they address these issues and propose a novel secure VM launch protocol using Trusted Computing techniques.

In other research by Nicolae Paladi and team, a virtualized computing infrastructure allows clients to run their own services in the form of virtual machines on shared computing resources (Nicolae Paladi, 2012). This approach, however, introduces new challenges. They designed a trusted launch protocol for VM instances in public IaaS environments, and they also present a proof-of-concept implementation of the protocol based on OpenStack.

2.4.1 Virtual Machine in Cloud Computing Research Paper

Table 2.1 below summarises the literature related to virtual machines in cloud computing. The authors' names, the algorithms and techniques used in the research, and the strengths and weaknesses of each paper are documented in the table.

Table 2.1: Virtual machine in cloud computing research paper.

Columns: No. | Title / Authors | Algorithms / Techniques | Strength | Weaknesses

1. Title / Authors: Network Security for Virtual Machine in Cloud Computing. Hanqian Wu, Yi Ding, Chuck Winer, Li Yao (2010)
   Algorithms / Techniques: A novel virtual network model based on analysis of Xen.
   Strength: Efficiently prevents VMs from attacks such as sniffing and spoofing, in theory.
   Weaknesses: Unable to block the communication among VMs within a shared network; the paper just assumes that VMs belonging to the same virtual shared network trust each other.

2. Title / Authors: Survey on Secure Live Virtual Machine (VM) Migration in Cloud. Naveed Ahmad, Ayesha Kanwal and Muhammad Awais Shibli (2013)
   Algorithms / Techniques: Post-copy migration techniques.
   Strength: The paper has investigated the vulnerabilities and threats on live VM migration and defined security requirements for a detailed analysis of existing solutions.
   Weaknesses: No complete solution for live VM migration which fulfils the aforementioned security requirements.

3. Title / Authors: An Optimized Approach to Protect Virtual Machine Image Integrity in Cloud Computing. Xichun Yue, Limin Xiao, Weidian Zhan, Zhigang Xu, Li Ruan, Rui Liu (2016)
   Algorithms / Techniques: Architecture of integrity protection.
   Strength: Reduces the time cost of the measurement module and protects the integrity of VM images without much resource consumption.
   Weaknesses: The CPU idle percentage still remains high, and the project is implemented in small cloud environments.

4. Title / Authors: A Secure and VM-Supervising VDI System Based on OpenStack. Weidian Zhan, Li Ruan, Xichun Yue, Zhigang Xu, Limin Xiao (2016)
   Algorithms / Techniques: VDI system.
   Strength: The results of the paper show the efficiency and low performance cost of the system and confirm that it can maintain the correct state of the VMs and ensure the continuity of the desktop connection to some extent.
   Weaknesses: The system relies on the OpenStack cloud platform to provide VM management.

2.5 Intrusion Detection and Prevention System

An Intrusion Detection System (IDS) helps to detect and alert on potential attacks by analysing network traffic and determining whether the observed behaviour complies with predefined allowed conditions (Fekolkin, 2015). Fekolkin found that, regardless of the IDS type, the security has to be structured in a way that does not interfere with the productivity of an organisation. Moreover, an Intrusion Prevention System (IPS) can be considered an enhancement of an IDS, because it is capable of blocking potentially undesirable activities. Hence, their paper concentrated on the network Intrusion Detection and Prevention System (IDPS).

In his research, Roman Fekolkin discussed the architecture of the Snort and Suricata IDPS engines. Snort is a single-threaded signature-based network IDPS and one of the most commonly used IDS engines (Fekolkin, 2015). The Snort IDS and IPS system became a world-famous tool for protecting networks (Sergey, 2016). However, other studies have shown that it is important to overcome the computational limitations of single-threaded IDPS, and Suricata is a multi-threaded IDPS that can be implemented in cloud computing (Fekolkin, 2015). The results analysed by David Jonathan Day and Benjamin M. Burns show that Suricata has a higher accuracy rate than Snort, although this comes at the cost of an increased relative demand on the CPU.

2.5.1 Intrusion Detection and Prevention System Research Paper

Ku. Rupali D. Wankhade proposed the Suricata intrusion detection system to secure a virtualized server on a cloud platform. The project validated the intrusion detection system in detecting DDoS attacks against the virtualized environment and protecting the cloud efficiently from vulnerabilities (D. Wankhade, 2016). However, the limitation of that project is that Suricata does not block any malicious events because it is implemented in IDS mode.

Roman Fekolkin proposed solutions to secure a network of computers using the Snort and Suricata IDPS. Both are open-source solutions, which makes them very flexible when it comes to configuration for very specific contexts. The paper briefly explained the advantages of both IDPS, but the author claimed that the choice of IDPS solution depends on contextual aspects that may vary significantly from one case to another, just as with any security solution (Fekolkin, 2015).

Mayank Kumar proposed an intrusion detection system package, Snort, deployed on Ubuntu running on a virtual machine in the Microsoft Azure cloud. The project demonstrates how a VM instance in the cloud can be secured through an IDS. The limitation of that project is that Snort cannot detect intrusions coming from outside the network (Kumar, 2017).

2.6 Conclusion

This chapter discussed the related works used as references to complete the project. The analysis was done in order to find the best technique and method suitable for implementation in this project.

CHAPTER III

METHODOLOGY

3.1 Introduction

The methodology is the series of steps used to complete the project. It is a very important part of project development because it should be a narrative of the steps taken to gather the data so that the research can be conducted efficiently. This chapter explains the general framework design and flowchart, and it describes the methods, techniques and approaches used during the design and implementation of the project.

3.2 Flowchart

Figure 3.0 shows the overall flowchart of this project for enhancing the security of virtual machines in OpenStack by using the Suricata Intrusion Prevention System.

[Figure 3.0 is a flowchart; its steps, recovered from the figure labels, are:]
(1) Install VirtualBox
(2) Install and configure CentOS 7
(3) Configure OpenStack on CentOS 7
(4) Launch virtual machine on OpenStack
(5) Install and integrate Suricata with OpenStack

Figure 3.0: Flowchart of Enhancing Virtual Machine Security in OpenStack by Using Suricata Intrusion Detection and Prevention System.

The first step is to install VirtualBox as the virtualization platform. Next, configure OpenStack from the CentOS 7 terminal, then launch two virtual machines (instances) in order to secure the communication between them. After that, install Suricata IPS and integrate it with OpenStack.

3.2.1 Installation of Oracle VirtualBox

VirtualBox is a cross-platform virtualization application [1]. Oracle VirtualBox makes it possible to set up one or more virtual machines on a single physical machine.

Host operating system requirements:

i. Windows edition: Windows 10 Pro
ii. Manufacturer: Dell Technologies
iii. Processor: Intel® Core™ i5-44405 @ 2.80GHz 2.80GHz
iv. Installed memory (RAM): 8.00 GB
v. System type: 64-bit Operating System, x64-based Processor

3.2.2 Installation and Configuration of CentOS 7 in VirtualBox

Community Enterprise Operating System (CentOS) is a 100% free operating system distribution based upon the Linux kernel [5]. CentOS is not Red Hat Enterprise Linux (RHEL), but it is a Linux distribution derived entirely from RHEL. CentOS Linux claims to be widely popular with Linux users, web hosts and small businesses.

3.2.3 Installation and Configuration of OpenStack on CentOS 7

OpenStack is installed in this project since it is a scalable solution and more than 60 leading companies participate in its development (Ritov, 2013). OpenStack is installed from the command line in the CentOS 7 terminal.

[Figure 3.1 is a framework diagram; its steps, recovered from the figure labels, are:]
- Install OpenStack using the command line in the CentOS 7 terminal: install all the OpenStack components, then get the IP address and password for admin.
- Use PuTTY to remotely access OpenStack and get the admin password.
- Open the OpenStack dashboard.

Figure 3.1: A framework of installation and configuration of OpenStack.

3.2.4 Launch Virtual Machine in OpenStack

This project creates two instances (virtual machines) in order to test the communication between them. In this environment setup, the project proposes the techniques that will be used; for example, the threat could be a virtual machine from another network in the same OpenStack cloud trying to make unauthorized access.

The instances are configured in OpenStack using the command line before the graphical user interface (GUI) is installed. To gain access to the instances that have been created, the private key must be generated using PuTTYgen.

[Figure 3.2 is a framework diagram; its steps, recovered from the figure labels, are:]
- Launch instances: 1) instance name; 2) source (image); 3) select image; 4) allocate flavour.
- Create instances: generate the username and password using PuTTY; log in as a user and install all the components.
- Use PuTTYgen to create a private key based on the public key given in key pairs, then use PuTTY to access the instances with the private key.

Figure 3.2: A framework of a process on creating instance in OpenStack.

After the instances have been created, they form a new environment in the internal network. The interface will look like this (see Figure 3.0) after all the configuration is finished; this picture was taken as a reference or overview of how it will look. This is also known as nested virtualization, because another instance (virtual machine) is created on the cloud. Figure 3.3 below shows an example of two instances created in the same network.

Page 37: ENHANCING VIRTUAL MACHINE SECURITY IN OPENSTACK …

19

Figure 3.3: A framework of Network Topology

3.2.5. Installation and integration Suricata IDPS with OpenStack

To enable Suricata IDPS as a virtual network function (VNF) in OpenStack,

first, we have to deploy OpenStack with Contrail SDN that will bring NFV into the

cloud. Second, we have to create a VM image with the Suricata IDPS installed.

Then, configure the Contrail SDN to run an IDPS service instance (VNF) and steer

the traffic to the instance for further analysis.

Suricata Based Intrusion Detection and Prevention System is an engine capable of raising alerts and preventing the system from being attacked by hackers or black hat communities. Suricata rules can have actions such as "alert" and "log" in IDS mode and the additional "drop", "sdrop" and "reject" actions when running in IPS mode (Fekolkin, 2015). While configuring Suricata, some rules should be listed. Examples of basic rules that make Suricata drop or block malicious activity:

1) drop tcp any any -> any any (msg:"facebook is blocked"; content:"facebook.com"; http_header; nocase; classtype:policy-violation; sid:1;)

2) drop icmp any any -> any any (msg:"DROP test ICMP ping from any network"; icode:0; itype:8; classtype:trojan-activity; sid:99999999; rev:1;)

There are many rules in Suricata and each of them has its own function. All of these rules were written in local.rules under the default rule path, /etc/suricata/rules/local.rules, from the terminal.
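The thesis gives the two rules above but no way to check them before loading; the following Python checker is an added example (not part of the thesis and not Suricata's own code) that validates hand-written local.rules lines the way the text describes them: the header layout, the IDS versus IPS action split listed above, and the required msg and sid options. The sample rules are the two from the text plus one deliberately broken copy constructed here.

```python
"""Checker for hand-written Suricata rules (added example, not from the thesis).

It parses the rule header (action proto src src_port direction dst dst_port),
splits the option list, and reports the mistakes that most often stop a
local.rules file from loading: a malformed header such as "any-any", a missing
msg or sid, a non-numeric or duplicated sid, and a drop/sdrop/reject action in a
sensor that runs in IDS mode. The action lists follow the text above; the
sample rules are the two from the text plus one deliberately broken copy
constructed here.
"""
import re

IDS_ACTIONS = {"alert", "log"}                  # actions listed for IDS mode
IPS_ONLY_ACTIONS = {"drop", "sdrop", "reject"}  # only take effect inline (IPS)

# Header: seven whitespace-separated tokens, then "(" options ")".
HEADER_RE = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
# Address: any, a $VAR, a dotted quad with optional /prefix, or a [list]; optional "!".
ADDR_RE = re.compile(r"^!?(any|\$\w+|\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?|\[.*\])$")
# Port: any, a $VAR, a number or low:high range, or a [list]; optional "!".
PORT_RE = re.compile(r"^!?(any|\$\w+|\d{1,5}(:\d{0,5})?|\[.*\])$")


def parse_options(text):
    """Split 'msg:"a;b"; sid:1; nocase;' into (keyword, value) pairs.

    Semicolons inside double quotes belong to the value, not to the separator;
    keywords without a value (nocase, http_header) get an empty string.
    """
    pairs, chunks, buf, quoted = [], [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            chunks.append(buf)
            buf = ""
        else:
            buf += ch
    chunks.append(buf)
    for chunk in chunks:
        if chunk.strip():
            key, _, val = chunk.strip().partition(":")
            pairs.append((key.strip(), val.strip().strip('"')))
    return pairs


def check_rule(rule, mode="ips"):
    """Return the list of problems in one rule line (an empty list means OK)."""
    m = HEADER_RE.match(rule)
    if not m:
        return ["header must be: action proto src sport (->|<>) dst dport (options)"]
    action, _proto, src, sport, _dir, dst, dport, opt_text = m.groups()
    problems = []
    if action in IPS_ONLY_ACTIONS and mode == "ids":
        problems.append(f"action '{action}' only takes effect in IPS mode")
    elif action not in IDS_ACTIONS | IPS_ONLY_ACTIONS:
        problems.append(f"unknown action '{action}'")
    for label, value, pattern in (("src", src, ADDR_RE), ("dst", dst, ADDR_RE),
                                  ("src port", sport, PORT_RE), ("dst port", dport, PORT_RE)):
        if not pattern.match(value):
            problems.append(f"bad {label} '{value}'")
    opts = dict(parse_options(opt_text))
    for required in ("msg", "sid"):
        if required not in opts:
            problems.append(f"missing {required}")
    if "sid" in opts and not opts["sid"].isdigit():
        problems.append("sid must be numeric")
    return problems


def check_ruleset(lines, mode="ips"):
    """Check every rule line of a file; also flag sids reused across lines.

    Returns {line_number: [problems]} containing only the lines with problems.
    """
    report, first_seen = {}, {}
    for number, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or comment line
        problems = check_rule(line, mode)
        sid = None
        if "(" in line and ")" in line:  # read the sid even when the header is bad
            sid = dict(parse_options(line[line.find("(") + 1:line.rfind(")")])).get("sid")
        if sid is not None:
            if sid in first_seen:
                problems.append(f"duplicate sid {sid} (first seen on line {first_seen[sid]})")
            else:
                first_seen[sid] = number
        if problems:
            report[number] = problems
    return report


# The two rules from the text, corrected, plus a broken copy (constructed here).
PAGE_RULES = [
    'drop tcp any any -> any any (msg:"facebook is blocked"; content:"facebook.com"; '
    'http_header; nocase; classtype:policy-violation; sid:1;)',
    'drop icmp any any -> any any (msg:"DROP test ICMP ping from any network"; '
    'icode:0; itype:8; classtype:trojan-activity; sid:99999999; rev:1;)',
    'drop tcp any any -> any-any (msg:"broken header, reused sid"; sid:1;)',
]

if __name__ == "__main__":
    for number, problems in check_ruleset(PAGE_RULES).items():
        print(f"line {number}: " + "; ".join(problems))
```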

3.3 Requirement Analysis

Project requirement analysis is needed to make the development and implementation of the project successful. There are two types of requirements used in this project:

3.3.1 Software Requirements

The software requirements of this project are:

i. Oracle VirtualBox

ii. CentOS 7 x86 64-bits minimal

iii. Microsoft Word 2016

iv. Microsoft Office PowerPoint 2016

v. Windows 10


vi. PuTTY 64-bits version 0.70

3.3.2 Hardware Requirements

Hardware requirements of this project are:

1) PC Lab-KRK

i. Manufacturer: Dell Technologies

ii. Processor: Intel® Core™ i5-44405 @ 2.80GHz 2.80GHz

iii. Installed memory (RAM): 8.00 GB

iv. System type: 64-bit Operating System, x64-based Processor

2) Laptop (Lenovo, 4GB RAM, AMD A8-5550M APU with Radeon™ HD Graphics, 64-bit Operating System, x64-based processor)

3) Mouse

4) Printer

3.4 System Design

To specify the requirements, all the processes that define the architecture and proof of concept for the project development are explained in this phase. The framework of the overall project is designed and defined in a specific model.


3.4.1 Architecture of the project

Figure 3.4 below shows the architecture of OpenStack with several components that are related to each other, namely Horizon (dashboard), Identity Service (Keystone), Compute (Nova), Block Storage (Cinder), Networking (Neutron), Image Service (Glance), and Object Storage (Swift).

Figure 3.4: Architecture of OpenStack (OpenStack, 2018)

The OpenStack Dashboard (Horizon) is provided as a web-based interface for cloud administrators and cloud tenants. Using this interface, administrators and tenants can manage, provision and monitor cloud resources (OpenStack, 2018). This project focuses on three main components: Nova, Neutron, and Glance. OpenStack Compute (Nova) is used to support the management of virtual machine instances, including instances that host multi-tiered applications, and is important for test environments. In order to manage networking, OpenStack Neutron is the important component. OpenStack Neutron provides networking services to cloud users (tenants) such as IP address management, DNS, DHCP, load balancing and security groups. This service also allows cloud tenants to manage their guest network configuration. Then, this project uses the OpenStack Image service, known as Glance, to launch virtual machines or instances. This service provides disk-image management services, including image discovery, registration, and delivery services to the Compute service, as needed.

Figure 3.5: A flowchart of the processes involved in Neutron (OpenStackComunity, 2018)

Figure 3.5 shows the workflow for tenant instance creation in order to secure OpenStack Networking. Four services interact with OpenStack Networking: Dashboard, Identity, Compute node, Network node and SDN service node.


Figure 3.6: An architecture of Suricata IDPS

[Figure 3.6 layers, top to bottom: OUTPUT; DETECT, DETECT, DETECT; DECODE & STREAM, APPLICATION LAYER; PACKET CAPTURE; NETWORK]

As we can see in Figure 3.6, network traffic analysis can be accomplished by capturing packets directly from the network interface card or by using pre-recorded traffic. The captured packet is decoded to learn its IP addresses and a few other details about the packet. Then, in the stream reassembly engine, the packets are assembled into stream queues, from which the thread engine fetches them for processing by a particular thread (Fekolkin, 2015). When fetching a packet, each thread invokes a Queue Handler, which actually deals with fetching and discarding packets in the thread. The user can configure the number of "Detect" threads in the thread engine. After comparing the packets against the signatures and deciding which packets should be dropped or accepted, the output logs are produced (Fekolkin, 2015).

3.4.2 Proof of Concept

Figures 3.7 and 3.8 show the installation of CentOS 7 in Oracle VirtualBox.

Figure 3.7: Configuration of CentOS 7

Figure 3.8: Configuration of CentOS 7 with PuTTY

Figure 3.9: Installation of OpenStack components

Figure 3.10 above shows the successful installation of the OpenStack components.


3.5 Summary

In conclusion, in order to produce a complete project within the given time, the selection of a suitable methodology is needed. This methodology provides systematic steps in the development of the project and helps keep errors to a minimum.


CHAPTER IV

IMPLEMENTATION

4.1 Introduction

The first objective is achieved. This chapter contains the steps for configuring the OpenStack cloud platform and the Suricata Intrusion Detection and Prevention System. Several steps must be followed in order to achieve the second and third objectives: configuring the OpenStack dashboard, creating instances, installing the Suricata intrusion detection and prevention system, configuring it, and integrating OpenStack with the Suricata intrusion detection and prevention system.


4.2 Project Interfaces

4.2.1 Configuring OpenStack

Figure 4.0: Overview of the OpenStack dashboard

Figure 4.0 shows the OpenStack dashboard, known as Horizon, which provides a web-based user interface to OpenStack services. Cloud administrators and users can manage various OpenStack resources and services, such as creating and managing images, launching instances, creating and managing networks and routers, and creating and managing flavors and volumes. A few steps should be configured before launching an instance. The important steps are allocating a floating IP and enabling telnet and HTTP connections for the instances.

4.2.1.1 Allocation of Floating IP to OpenStack

In order to allow external access from outside networks or the internet to an OpenStack instance, the user should allocate a floating IP to the project.


Figure 4.1: Allocating a floating IP to the project.

Figure 4.2: Allocating a floating IP from the external pool.

Figures 4.1 and 4.2 show how to allocate a floating IP to the project from the public pool. Log in with admin credentials and go to the Project tab. Open the Compute panel and look for Floating IPs. The IP address appears in the dashboard once the user selects the external pool and hits the Allocate IP button. It is good practice to allocate a floating IP for each instance that is run.


Figure 4.3: Successfully added floating IPs

Figure 4.3 shows the list of IP addresses successfully allocated to the project.

4.2.1.2 Creating a Security Group

Figure 4.4: Overview of the security group

Figure 4.4 shows an overview of the security groups in the OpenStack dashboard. Security groups are sets of IP filter rules that define network access to the instances. The admin can edit and add new rules to the default group, and can create a new group and manage its rules.

In this project, a new security group and a few rules were created to enable telnet and HTTP connections for the instances. This was important so that the admin could easily access the instances remotely while giving them basic security. The interface to create a security group should look like Figure 4.5 below.

Figure 4.5: An interface to create the security group.

4.2.1.3 Managing Security Group Rules

After the security group has been created, the next step is to manage the security group rules; in this project, SSH and HTTP rules were added.

Figure 4.6: Overview of managing security group rules

Figure 4.6 is an overview of the security group rules page, where rules can be added or deleted.


Figure 4.7: An interface to add the SSH rule

Figure 4.7 shows the SSH rule that has been added to the security group. If the instances are created in the same network, it is important to allow the SSH rule. Secure Socket Shell (SSH) is a network protocol that provides an admin or user with a secure way to access a computer. In this project, the SSH rule was used as a method to secure and allow remote login from one computer to another, bound to port 22 (SSH) in the group.

Figure 4.8: An interface to add the HTTP rule

Figure 4.8 shows the HTTP rule added to the security group. Hypertext Transfer Protocol (port 80) was set in order to connect one VM to another VM; it is the port on which a computer sends and receives web client communication and messages from a web server. So, in order to install software or anything else, the HTTP rule enables the admin or user to connect to the internet.

4.2.1.4 Creating Key Pairs

Figure 4.9: An overview of key pairs

Figure 4.9 shows an overview of the Key Pairs section in the OpenStack dashboard. A key pair holds the public key of an OpenSSH key pair, which is used for access to the created servers.

Figure 4.10: An interface to create a key pair

Figure 4.10 shows the interface to create a new key pair. Hit the +Create Key Pair button when done.


4.2.1.5 Creating a Router for OpenStack

Figure 4.11: Create a router for OpenStack.

A router is a logical component that forwards data packets between networks and provides Layer 3 and NAT forwarding to give servers on project networks external network access (Openstak.org, 2019). The router is the gateway for the instances and ensures that they can get a network connection. To create a router, select Routers under the Network panel, then type the router name and choose the external network. After that, hit the Create Router button. Figure 4.11 above shows the interface to create a router.

Figure 4.12: Overview of routers.

Figure 4.12 shows the list and details of the routers that have been created. Routers can be edited, and unused routers can be deleted.


4.2.1.6 Creating an Internal Network in OpenStack

The OpenStack Networking service (neutron) provides an API that allows users to set up and define network connectivity and addressing in the cloud (Openstack.org, 2017).

Figure 4.13: Create a network.

Figure 4.14: Creating a subnet.

Figures 4.13 and 4.14 show the steps to create a network (interface) for the router. First, name the network MyNetwork, then create a subnet named MySubnet with the address range 192.168.0.0/24. Hit the Next button when done. This network assigns the client to the web server nodes and enables the admin to allocate floating IPs.


Figure 4.15: An overview of networks

Figure 4.15 shows an overview of the network that has been created.

4.2.1.7 Adding an Internal Network (Interface) to the Router

A private IP address can be assigned by the admin to each instance. Compute makes a distinction between fixed IPs and floating IPs. Fixed IPs are IP addresses assigned to an instance on creation that stay the same until the instance is explicitly terminated. Floating IP addresses can be associated with and disassociated from an instance at any time. An internal network interface is used to enable communication between the instances on the internal network.


Figure 4.16: Add interface

Figure 4.16 shows the steps to add an interface. First, click on MyRouter and then click +Add Interface in the box that appears.

4.2.1.8 Creating OpenStack Images for Instances

This project used images already created by third parties. Figure 4.16 below shows the links to download the latest packaged images. In this project, the CentOS 7 image and the default CirrOS image were created.

Figure 4.17: The list of images


Figure 4.18: Overview of Images

Figure 4.18 shows the overview of the images that have been created. First, go to the OpenStack web panel, navigate to Project, choose Images under the Compute panel and hit the +Create Image button, as in the figure above.

Figure 4.19: Add OpenStack image details.

Figure 4.19 shows adding the image details; this project used the QCOW2 format with a size of only 958.44 MB. After browsing to the downloaded file and setting the format, hit the Create Image button.


4.2.1.9 Creating a New Instance

The virtual machines that run inside the cloud environment are called instances. The parameters should be gathered before launching an instance, which can be run based on the image created earlier. Figures 4.20 to 4.26 show the steps to launch an instance. The first step is to name the instance (the name will be used to form the virtual machine hostname), leave the availability zone as nova and use an instance count of one, as in Figure 4.20 below.

Figure 4.20: Add a hostname to the OpenStack instance.

Figure 4.21: OpenStack instance boot source and the CentOS 7 image.


Figure 4.21 shows how to set the instance source. Select Image as the boot source and add the CentOS 7 image that was created, as shown in the figure above. Hit the Next button to proceed.

Figure 4.22: Add resources to the OpenStack instance

The next step is to allocate the instance resources by adding a flavor that suits the needs, as shown in Figure 4.22 above. Then click the Next button to move on.

Figure 4.23: Add a network to the OpenStack instance

The next step is to add one of the available networks created earlier to the instance using the + button, then hit the Next button. In this project, the internal network is used, as shown in Figure 4.23 above.


Figure 4.24: Add a security group to the instance.

Figure 4.25: Add a key pair to the instance.

Figures 4.24 and 4.25 show the security group and key pair chosen for the instance.


Figure 4.26: Configuration scripts

Figure 4.26 shows the configuration scripts. The configuration script is useful when the instance cannot be reached over SSH. When the instance starts for the first time, enter the default username: the default username for CentOS is centos, for Ubuntu it is ubuntu, and so on. After that, enter the password that was set in the configuration box earlier, as shown in Figure 4.26.

Figure 4.27: Overview of instances

Figure 4.27 shows the list of instances that were created. Do not forget to assign a floating IP to each instance. Hit the right arrow next to the Create Snapshot menu button, choose Associate Floating IP, select one of the floating IPs created earlier and hit the Associate button. Associating a floating IP is important to make the instance reachable from the internal LAN.


In this project, two instances are used. One instance acts as the defendant and the other one as the attacker.

Figure 4.28: Instance console

Figure 4.28 shows the instance console. Enter the username and password shown in Figure 4.26. To set a root password, use the command 'sudo passwd root'; the user will be prompted to enter the new password.

Figure 4.29: Network topology.

Figure 4.29 shows an overview of the network of this project.


4.2.2 Install and Configure Suricata Based Intrusion Detection and Prevention System

Setting up Suricata on CentOS 7 from the source code consists of a few steps: downloading the code, configuring and compiling it, installing it to an appropriate directory and lastly configuring the rules. Suricata should be installed as root, not as a regular user.

The first step is to enable iptables after disabling firewalld. The commands are shown in Figures 4.30 and 4.31 below.

Figure 4.30: Install the iptables service

Figure 4.31: Successfully installed the iptables service.


Next, prepare the server by installing all the required libraries using this command:

yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel mariadb-devel GeoIP-devel zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel libnetfilter_queue-devel ethtool

Before installing Suricata, this project also has to install EPEL using this command:

yum install epel-release

After the libraries are prepared, Suricata will be installed from source. The NFQUEUE development package, which IPS mode depends on, is installed with this command:

yum -y install libnetfilter_queue-devel

Figure 4.32: Install Suricata from the source.

The next step is to fetch the Suricata tarball, decompress it, enter the source directory and configure it, using the commands below:

wget http://www.openinfosecfoundation.org/download/suricata-4.1.3.tar.gz

tar -xvzf suricata-4.1.3.tar.gz

cd suricata-4.1.3

./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-geoip


The configure command above prepares the source so that Suricata is compiled as an IPS (with NFQUEUE support).

Then, compile and install Suricata using this command:

make && make install-full

Create a directory for Suricata's log information and prepare the system for using it with these commands (the paths are lowercase, matching the defaults in suricata.yaml):

mkdir /var/log/suricata

mkdir /etc/suricata

The next step is to copy classification.config, reference.config and suricata.yaml from the base installation directory (the unpacked source tree) using these commands:

cp classification.config /etc/suricata

cp reference.config /etc/suricata

cp suricata.yaml /etc/suricata

Then Oinkmaster was configured. Oinkmaster is a tool that helps manage the signatures. Oinkmaster can be downloaded from http://prdownloads.sourceforge.net/oinkmaster/oinkmaster-2.0.tar.gz as shown in Figure 4.33 below.


Figure 4.33: Installation of the Oinkmaster rule manager

Then, create a directory for Oinkmaster and decompress the Oinkmaster tarball into it using these commands (the -C and --strip-components options of tar place the extracted files directly in /etc/oinkmaster, so the paths used below resolve):

mkdir /etc/oinkmaster

tar xvf oinkmaster-2.0.tar.gz -C /etc/oinkmaster --strip-components=1

The rules can be found at http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz. Open oinkmaster.conf and add the link as below; do not forget to place # in front of the URL:

vi /etc/oinkmaster/oinkmaster.conf

#http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

After that, a directory for the new rules was created and Oinkmaster was run with the following commands:

mkdir /etc/suricata/rules

/etc/oinkmaster/oinkmaster.pl -C /etc/oinkmaster/oinkmaster.conf -o /etc/suricata/rules


The ruleset is downloaded by the oinkmaster.pl command above, which is entered as one single line and is also used to update the rules.

Now, start Suricata using this command:

Figure 4.34: Starting Suricata.

Figure 4.34 shows that Suricata is ready to capture all incoming and outgoing packets.


4.3 Testing and Result

Before starting the penetration test, the IP addresses of the defendant and the attacker were checked using the ifconfig command. In this project, the defendant IP address is 192.168.0.15 (CentOS 7), and the other IP address, 192.168.0.5 (CirrOS), is the attacker, which pings the defendant instance. Before that, Suricata is run to detect all the activities, using this command:

suricata -c /etc/suricata/suricata.yaml -q 0 &

After that, the Suricata log and the versions of all the components used will appear. For this project, the Suricata version is 4.1.3, which is the latest version of Suricata, while the libpcap version is 1.5.3, as shown in Figure 4.35 below.

Figure 4.35: The components used to run Suricata.


After that, start pinging from the attacker using this command:

ping 192.168.0.15

After running this command, the sequence of packets transmitted from the victim PC to the attacker PC will appear. Pinging is one of the denial of service attacks: it requests packets from another computer and keeps that computer busy so it cannot do other tasks.

This project has inevitable problems and constraints that prevented it from being continued. The result from the Suricata log, which contains all the details that Suricata captured over a certain time, cannot be shown.
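The thesis could not show its Suricata log; the following Python script is an added example (not the project's own code) that reads Suricata's eve.json alert output and reports, per signature and source address, how many packets were alerted on and how many were actually blocked, which is the check that separates detection from prevention for the ping test above. The eve.json lines are constructed to match the page's ICMP rule and addresses and are not real output from the project.

```python
"""Summarise Suricata EVE alert output (added example, not the project's code).

Suricata writes eve.json as one JSON object per line. This reads those lines,
keeps the alert events, and counts per (signature id, source address) how many
packets triggered the rule and how many were actually blocked. alert.action is
"blocked" only when Suricata runs inline (the -q NFQUEUE mode used above); a
sensor started on a plain interface reports "allowed" even for a drop rule, so
the gap between alerts and blocked is the quickest way to tell detection from
prevention. The sample lines below are constructed to match the ICMP rule
(sid 99999999), attacker 192.168.0.5 and defendant 192.168.0.15 from the text;
the 192.168.0.9 host and the truncated last line are constructed too.
"""
import json
from collections import defaultdict

SAMPLE_EVE = """\
{"timestamp":"2019-05-20T10:15:01.000001+0800","event_type":"alert","src_ip":"192.168.0.5","dest_ip":"192.168.0.15","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"blocked","gid":1,"signature_id":99999999,"rev":1,"signature":"DROP test ICMP ping from any network","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-05-20T10:15:02.000002+0800","event_type":"alert","src_ip":"192.168.0.5","dest_ip":"192.168.0.15","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"blocked","gid":1,"signature_id":99999999,"rev":1,"signature":"DROP test ICMP ping from any network","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-05-20T10:15:03.000003+0800","event_type":"flow","src_ip":"192.168.0.5","dest_ip":"192.168.0.15","proto":"ICMP"}
{"timestamp":"2019-05-20T10:15:04.000004+0800","event_type":"alert","src_ip":"192.168.0.9","dest_ip":"192.168.0.15","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":99999999,"rev":1,"signature":"DROP test ICMP ping from any network","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-05-20T10:15:05.0
"""


def parse_eve_alerts(text):
    """Yield alert events from EVE text; skip other event types and bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or corrupted line must not abort the whole run
        if event.get("event_type") == "alert" and "alert" in event:
            yield event


def summarise_alerts(text):
    """Return {(sid, src_ip): {"signature": ..., "alerts": n, "blocked": n}}."""
    summary = defaultdict(lambda: {"signature": "", "alerts": 0, "blocked": 0})
    for event in parse_eve_alerts(text):
        entry = summary[(event["alert"]["signature_id"], event["src_ip"])]
        entry["signature"] = event["alert"]["signature"]
        entry["alerts"] += 1
        if event["alert"]["action"] == "blocked":
            entry["blocked"] += 1
    return dict(summary)


def unblocked_sources(summary):
    """Sources that triggered a rule but were not blocked every time.

    For a drop rule this means the sensor saw the packet but was not inline
    (run with -i instead of -q), so prevention was not actually happening.
    """
    return sorted(src for (_sid, src), entry in summary.items()
                  if entry["alerts"] > entry["blocked"])


if __name__ == "__main__":
    result = summarise_alerts(SAMPLE_EVE)
    for (sid, src), entry in sorted(result.items()):
        print(f"sid={sid} src={src} alerts={entry['alerts']} "
              f"blocked={entry['blocked']} ({entry['signature']})")
    print("alerted but not blocked:", unblocked_sources(result))
```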


CHAPTER V

CONCLUSION

5.1 Introduction

This chapter discusses the contribution of Enhancing Virtual Machine Security in OpenStack using Suricata Intrusion Detection and Prevention System. Project constraints, limitations and possible future improvements are also discussed in this chapter.

5.2 Project Contribution

The contribution of this project is to secure virtual machines or instances in the OpenStack environment. In most cases, clients do not take protecting their instances seriously, and most of the security is used to protect against threats from outside. The existence of a properly configured firewall and continually updated antimalware still does not guarantee the protection of the virtual machine instances in the cloud. This project provides security protection inside the OpenStack environment and protects the virtual machines themselves from intruders or the black hat community.

5.3 Project Constraints and Limitation

This project has some constraints and limitations that occurred in the construction and design phase. There is a possibility that intruders attack the OpenStack environment, and the probability that the instances become corrupted due to such an attack is high. Moreover, this project detects and prevents malicious activities that occur in the instances only by identifying the IP address of the intruders or attackers. It will be difficult to detect an attack if the black hat community uses an intelligent attack.

5.4 Future Works

This technique could be improved in many ways, for instance by testing Suricata rules against other varieties of intrusion such as teardrop attacks and wormhole attacks. In addition, it would be good if Suricata could also detect intrusions from external IPs.

5.5 Summary

In conclusion, at the end of this research the project came out with a technique for Enhancing Virtual Machine Security in OpenStack using a Suricata based Intrusion Detection and Prevention System. The project is intended to secure the virtual machines in the OpenStack cloud environment and provide both detection and prevention of malicious activities. This technique lets users see any malicious activities that occur in their instances and enables the user to set new rules to detect and block new attacks.


References

Aleksandar Donevski, S. R. (2012). Nessus or Metasploit: Security Assessment of OpenStack Cloud.

Aslam, M. (2012). Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud. CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science.

D. Wankhade, K. (2016). Virtualization Intrusion Detection System in Cloud Environment. International Journal of Scientific & Engineering Research, 321-327.

E. Leblond, G. (2016). Suricata IDPS and Linux Kernel. The Technical Conference on Linux Networking. Seville, Spain: Stamus Networks.

Fekolkin, R. (2015). Intrusion Detection and Prevention Systems: Overview of Snort and Suricata. Internet Security, A7011N.

Hala Albaroodi, S. M. (2014). Critical Review of OpenStack Security: Issues and Weaknesses. Journal of Computer Science 10 (1), 23-33.

Hanqian Wu, Y. D. (2010). Network Security for Virtual Machine in Cloud Computing. Computer Sciences and Convergence Information Technology (ICCIT), 18-21.

Janssen, D. (n.d.). Virtual machine. Retrieved from Techopedia: https://www.techopedia.com/definition/4805/virtual-machine-vm

Kumar, M. (2017, June 27). Snort in the Cloud: A Case Study. Retrieved from ResearchGate: https://www.researchgate.net/publication/317932467_Snort_in_the_Cloud_A_Case_Study

Leblond, E. (2011). A Short Introduction to Suricata IDPS. (pp. 1-35). OISF.

Nicolae Paladi, C. G. (2012). Trusted Launch of Virtual Machine Instances in Public IaaS Environments. Ericsson Research.

OpenStack. (2018, December 5). Introduction to OpenStack. Retrieved from OpenStack: https://docs.openstack.org/security-guide/introduction/introduction-to-openstack.html

Openstack.org. (2017, June 24). Neutron. Retrieved from OpenStack: https://docs.openstack.org/neutron/latest/admin/intro.html

OpenStackComunity. (2018, December 5). Networking Services Security Best Practices. Retrieved from OpenStack: https://docs.openstack.org/security-guide/networking/securing-services.html

Openstak.org. (2019, March 25). Router. Retrieved from OpenStack: https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/router.html

Pol, D. U. (2014). Cloud Computing with Open Source Tool: OpenStack. American Journal of Engineering Research (AJER), 233-240.

Ranger, S. (2018, December 13). What is cloud computing? Everything you need to know about the cloud, explained. Retrieved from ZDNet: https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-from-public-and-private-cloud-to-software-as-a/

Reuben, J. S. (2007). A Survey on Virtual Machine Security. TKK T-110.5290 Seminar on Network Security.

Ritov, S. (2013). OpenStack Cloud Security Vulnerabilities from Inside and Outside. The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization, 101-107.

Rouse, M. (2017, July). Cloud Computing. Retrieved from TechTarget: https://searchcloudcomputing.techtarget.com/definition/cloud-computing

Sergey, B. (2016). Intrusion Detection System and Intrusion Prevention System with Snort provided by Security Onion. University of Applied Sciences.

Weidian Zhan, L. R. (2016). A Secure and VM-supervising VDI System Based on OpenStack. 2016 International Conference on Cloud Computing and Big Data.

Xichun Yue, L. X. (2016). An Optimized Approach to Protect Virtual Machine Image Integrity in Cloud Computing. 2016 7th International Conference on Cloud Computing and Big Data, 75-80.

APPENDIX

GANTT CHART FYP 1

TASK/WEEK 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

1. Topic Discussion and Determination

2. Project Title Proposal

3. Proposal Writing – Introduction, problem statements, objectives, scopes

4. Proposal Writing – Literature Review (Research on the related project)

5. Presentation 1

6. Proposed Solution – Methodology (use flowchart and Suricata IDPS technique)

7. Draft Report

8. Submit Draft Report

9. Presentation 2

10. Final Report FYP

GANTT CHART FYP 1

TASK/WEEK 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

1. Project Meeting with Supervisor

2. Project Development

3. Proposal Progress Presentation & Evaluation

4. Project Development (continued)

5. Project Testing

6. FYP Format Writing Workshop

7. Submit Draft Report

8. Seminar Presentation & Evaluation

9. Discussion & Correction Report

10. Final Thesis Submission