摘要: Vulnerability assessments are best practices for computersecurity and requirements regulatory compliance. Potentialand existing security holes can be identified during vulnerabilityassessments breaches could averted. However, the unique nature of cloud computing environmentsrequires more dynamic assessment techniques. The proliferationof services cloud-aware applications introduce morecloud vulnerabilities. But, current measures identification, mitigation prevention vulnerabilities do not suffice. Our investigations indicate a possible reason this inefficiencyto lapses in availability precise, vulnerability information. We observed also that most research efforts context concentrate on IaaS, leaving other models largely unattended. Similarly, tackle general rather than specific Yet, mitigating is important security. Hence, paper proposes new approach addresses mentioned issues by monitoring, acquiring adapting publicly available information effective assessments. correlate from public databases develop Network Tests have implemented, evaluated verified suitability our approach.
computer.org
sci-hub.se 参考文章(12)
Su Zhang, Doina Caragea, Xinming Ou, An Empirical Study on Using the National Vulnerability Database to Predict Software Vulnerabilities Lecture Notes in Computer Science. pp. 217- 231 ,(2011) , 10.1007/978-3-642-23088-2_15
Sören Bleikertz, Matthias Schunter, Christian W. Probst, Dimitrios Pendarakis, Konrad Eriksson, Security audits of multi-tier virtual infrastructures in public infrastructure clouds cloud computing security workshop. pp. 93- 102 ,(2010) , 10.1145/1866835.1866853
Viet Hung Nguyen, Fabio Massacci, The (un)reliability of NVD vulnerable versions data: an empirical experiment on Google Chrome vulnerabilities computer and communications security. pp. 493- 498 ,(2013) , 10.1145/2484313.2484377
William M. Fitzgerald, Simon N. Foley, Avoiding inconsistencies in the Security Content Automation Protocol communications and networking symposium. pp. 454- 461 ,(2013) , 10.1109/CNS.2013.6682760
Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro, A security analysis of amazon's elastic compute cloud service acm symposium on applied computing. pp. 1427- 1434 ,(2012) , 10.1145/2245276.2232005
Keiko Hashizume, David G Rosado, Eduardo Fernández-Medina, Eduardo B Fernandez, An analysis of security issues for cloud computing Journal of Internet Services and Applications. ,vol. 4, pp. 5- ,(2013) , 10.1186/1869-0238-4-5
Su Zhang, Xinwen Zhang, Xinming Ou, After we knew it: empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across IaaS cloud computer and communications security. pp. 317- 328 ,(2014) , 10.1145/2590296.2590300
Lori M. Kaufman, Can Public-Cloud Security Meet Its Unique Challenges? ieee symposium on security and privacy. ,vol. 8, pp. 55- 57 ,(2010) , 10.1109/MSP.2010.120
Hsin-Yi Tsai, Melanie Siebenhaar, Andre Miede, Yulun Huang, Ralf Steinmetz, Threat as a Service?: Virtualization's Impact on Cloud Security IT Professional. ,vol. 14, pp. 32- 37 ,(2012) , 10.1109/MITP.2011.117
Bernd Grobauer, Tobias Walloschek, Elmar Stocker, Understanding Cloud Computing Vulnerabilities ieee symposium on security and privacy. ,vol. 9, pp. 50- 57 ,(2011) , 10.1109/MSP.2010.115