A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the installation and use of user software, but it may lead to security issues. The providers usually delegate the task of keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task. Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a solution that handles multiple software repositories from different vendors and identifies the correct packages is a challenging task. The Update Checker presented in this article identifies outdated software packages in virtual machines, regardless of whether the virtual machine is running or dormant on disk. The proposed Online Penetration Suite performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents execution of flawed virtual machines. The article presents the design, the implementation and an experimental evaluation of the two components.