A host-based security assessment architecture for effective leveraging of shared knowledge

Master of Science / Department of Computing and Information Sciences / Xinming (Simon) Ou

Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present on a host. Legitimate concerns arise since host-based security scanners typically need to run with administrative privileges and take input from external knowledge sources for the analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or itself carries, one or more vulnerabilities. It is not easy to incorporate new security analysis tools and/or various security knowledge bases in the conventional approach, since this would entail installing new agents on every host in the enterprise network. This report presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. At the same time, the architecture also allows for leveraging third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language (OVAL). We empirically show that the proposed architecture is potent in its ability to comprehensively leverage third-party security knowledge, and is flexible enough to support various higher-level security analyses.

Identifier: oai:union.ndltd.org:KSU/oai:krex.k-state.edu:2097/1296
Date: January 1900
Creators: Rakshit, Abhishek
Publisher: Kansas State University
Source Sets: K-State Research Exchange
Language: en_US
Detected Language: English
Type: Report
