Browse > Article
http://dx.doi.org/10.3745/KTCCS.2014.3.1.23

An Efficient Agent Framework for Host-based Vulnerability Assessment System in Virtualization Environment  

Yang, Jin-Seok (한국전자통신연구원 부설연구소)
Chung, Tai-Myoung (성균관대학교 컴퓨터공학과)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.3, no.1, 2014 , pp. 23-30 More about this Journal
Abstract
In this paper, we propose an efficient agent framework for host-based vulnerability assessment system by analyzing the operational concept of traditional vulnerability assessment framework and proposed vulnerability assessment agent framework in virtualization environment. A proposed agent framework have concept by using the features of virtualization technology, it copy and execute checking agent in targeted virtual machines. In order to embody a propose agent framework, we design function block of checking agent and describe a vulnerability checking scenario of proposed agent framework. Also we develop pilot system for vulnerability checking scenario. We improve the shortcomings of the traditional vulnerability assessment system, such as unnecessary system load of the agent, inefficiency due to duplication agent installation. Moreover, the proposed agent framework is maximizing the scalability of the system because there is no agent installation when adding a targeted system.
Keywords
Virtualization; Vulnerability Assessment System; Host-based Vulnerability Assessment System;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 KISA, "Security Guidebook for Cloud Service", white paper, Oct., 2011.
2 wikipedia, 가상화의 정의, http://ko.wikipedia.org/wiki/가상화
3 Jae Seung Lee and Sang Choon Kim, "Design of the Security Evaluation System for Decision Support in the Enterprise Network Security Management", Journal of KIISE(Korean Institutes of Information Scientists and Engineers), Vol. 30, No.6, pp.776-786, Dec., 2003.   과학기술학회마을
4 KISA, "Guide for Selecting system Vulnerability Assessment Tools", white paper, Sep., 2002.
5 Sung-Kyong Un, "Trend of Cloud Computing Security Technology", Review of KIISC(Korea Institute of Information Security and Cryptology) Vol. 20, No. 2, pp.27-31. Apr., 2010.
6 CSA, "Security Guidance for Critical Areas of Focus in Cloud Computing v3.0", white paper, 2011.
7 Tae-Hyoung Kim, et al.,"Trend of Cloud Computing Security Technology", Review of KIISE, pp.30-38, Jan., 2012.   과학기술학회마을
8 Karen Scarfone, Murugiah Souppaya and Paul Hoffman, "Guide to Security for Full Virtualization Technologies", NIST SP800-125, Jan., 2010.
9 Citrix, "Citrix XenServer Management API", Sep., 2012.
10 Libvirt API reference, http://www.libvirt.org/html/libvirt-libvirt.html
11 VIX API Reference, http://www.vmware.com/support/developer/vix-api/vix112_ reference/index2.html
12 Jun Yoon and Wontae Sim, "An Automatic Network Vulnerability Analysis System using Multiple Vulnerability Scanner", Journal of KIISE Vol. 14 No. 2, Apr., 2008.
13 Ji-Hong Kim and Whi-Kang Kim, "Automated Attack Path Enumeration Method based on System Vulnerabilities Analysis", KIISC Vol. 22, No. 5, pp.1079-1090, Oct., 2012.   과학기술학회마을
14 NileSoft, "보안취약점 분석도구 선택 기준", http://www. nilesoft.co.kr/sub/vulnerability/vulnerability_02.html
15 SECUI, "SECUI SCAN V2.0", SECUI SCAN product brochure.
16 NileSoft, "Secu Guard SSE, system vulnerability assessment scanner", Secu Guard SSE product brochure.
17 KISA, "정보보호관리체계 통제사항 가이드", white paper, 12 월 2004년.