- Text
- History
Increasing virtual machine security
Increasing virtual machine security in cloud
environments
Roland Schwarzkopf
*
, Matthias Schmidt, Christian Strack, Simon Martin and Bernd Freisleben
Abstract
A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines
to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the
installation and use of user software, but it may lead to security issues. The providers usually delegate the task of
keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task.
Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest
software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as
providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually
outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a
solution that handles multiple software repositories fromdifferent vendors and identifies the correct packages is a
challenging task. The Update Checker presented in this article identifies outdated software packages in virtual
machines, regardless if the virtual machine is running or dormant on disk. The proposed Online Penetration Suite
performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents
execution of flawed virtual machines. The article presents the design, the implementation and an experimental
evaluation of the two components
environments
Roland Schwarzkopf
*
, Matthias Schmidt, Christian Strack, Simon Martin and Bernd Freisleben
Abstract
A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines
to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the
installation and use of user software, but it may lead to security issues. The providers usually delegate the task of
keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task.
Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest
software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as
providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually
outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a
solution that handles multiple software repositories fromdifferent vendors and identifies the correct packages is a
challenging task. The Update Checker presented in this article identifies outdated software packages in virtual
machines, regardless if the virtual machine is running or dormant on disk. The proposed Online Penetration Suite
performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents
execution of flawed virtual machines. The article presents the design, the implementation and an experimental
evaluation of the two components
0/5000
提高虚拟机的云安全
环境
罗兰施华蔻
*
,马蒂亚斯施密特,西蒙马丁和贝尔恩德基督教斯特拉克,户外生活
摘要
在基础设施即服务云或虚拟网格计算是一种常见的方式为客户提供虚拟机
在远程资源执行他们的软件。充分超级用户权限的用户可以
安装和使用软件的用户,但它可能会导致安全问题。供应商通常代表
保持虚拟机到客户的任务,而客户期望供应商来执行这项任务。
因此,大量的虚拟机(或管理或休眠)没有对最新的
软件漏洞补丁。提出的方法在本文中论述了这些问题,通过帮助用户以及
供应商保持虚拟机上的日期。在更新步骤之前,关键是要知道软件实际上是
远程安全漏洞影响的过时的或。而这些任务似乎是简单的,开发一个
溶液处理多个不同厂商的软件库,并确定正确的包是一个
具有挑战性的任务。在这篇文章中提出的更新检查虚拟
机器识别过时的软件包,无论虚拟机正在运行或处于休眠状态的磁盘。该在线渗透
套房执行预先部署扫描技术使用了安全漏洞的虚拟机和虚拟机的执行
缺陷的防止。本文介绍了设计,和这两个部分的实验
实施评价
环境
罗兰施华蔻
*
,马蒂亚斯施密特,西蒙马丁和贝尔恩德基督教斯特拉克,户外生活
摘要
在基础设施即服务云或虚拟网格计算是一种常见的方式为客户提供虚拟机
在远程资源执行他们的软件。充分超级用户权限的用户可以
安装和使用软件的用户,但它可能会导致安全问题。供应商通常代表
保持虚拟机到客户的任务,而客户期望供应商来执行这项任务。
因此,大量的虚拟机(或管理或休眠)没有对最新的
软件漏洞补丁。提出的方法在本文中论述了这些问题,通过帮助用户以及
供应商保持虚拟机上的日期。在更新步骤之前,关键是要知道软件实际上是
远程安全漏洞影响的过时的或。而这些任务似乎是简单的,开发一个
溶液处理多个不同厂商的软件库,并确定正确的包是一个
具有挑战性的任务。在这篇文章中提出的更新检查虚拟
机器识别过时的软件包,无论虚拟机正在运行或处于休眠状态的磁盘。该在线渗透
套房执行预先部署扫描技术使用了安全漏洞的虚拟机和虚拟机的执行
缺陷的防止。本文介绍了设计,和这两个部分的实验
实施评价
Being translated, please wait..
Increasing virtual machine security in cloud
environments
Roland Schwarzkopf
*
, Matthias Schmidt, Christian Strack, Simon Martin and Bernd Freisleben
Abstract
A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines
to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the
installation and use of user software, but it may lead to security issues. The providers usually delegate the task of
keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task.
Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest
software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as
providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually
outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a
solution that handles multiple software repositories fromdifferent vendors and identifies the correct packages is a
challenging task. The Update Checker presented in this article identifies outdated software packages in virtual
machines, regardless if the virtual machine is running or dormant on disk. The proposed Online Penetration Suite
performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents
execution of flawed virtual machines. The article presents the design, the implementation and an experimental
evaluation of the two components
environments
Roland Schwarzkopf
*
, Matthias Schmidt, Christian Strack, Simon Martin and Bernd Freisleben
Abstract
A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines
to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the
installation and use of user software, but it may lead to security issues. The providers usually delegate the task of
keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task.
Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest
software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as
providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually
outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a
solution that handles multiple software repositories fromdifferent vendors and identifies the correct packages is a
challenging task. The Update Checker presented in this article identifies outdated software packages in virtual
machines, regardless if the virtual machine is running or dormant on disk. The proposed Online Penetration Suite
performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents
execution of flawed virtual machines. The article presents the design, the implementation and an experimental
evaluation of the two components
Being translated, please wait..
Other languages
The translation tool support: Afrikaans, Albanian, Amharic, Arabic, Armenian, Azerbaijani, Basque, Belarusian, Bengali, Bosnian, Bulgarian, Catalan, Cebuano, Chichewa, Chinese, Chinese Traditional, Corsican, Croatian, Czech, Danish, Detect language, Dutch, English, Esperanto, Estonian, Filipino, Finnish, French, Frisian, Galician, Georgian, German, Greek, Gujarati, Haitian Creole, Hausa, Hawaiian, Hebrew, Hindi, Hmong, Hungarian, Icelandic, Igbo, Indonesian, Irish, Italian, Japanese, Javanese, Kannada, Kazakh, Khmer, Kinyarwanda, Klingon, Korean, Kurdish (Kurmanji), Kyrgyz, Lao, Latin, Latvian, Lithuanian, Luxembourgish, Macedonian, Malagasy, Malay, Malayalam, Maltese, Maori, Marathi, Mongolian, Myanmar (Burmese), Nepali, Norwegian, Odia (Oriya), Pashto, Persian, Polish, Portuguese, Punjabi, Romanian, Russian, Samoan, Scots Gaelic, Serbian, Sesotho, Shona, Sindhi, Sinhala, Slovak, Slovenian, Somali, Spanish, Sundanese, Swahili, Swedish, Tajik, Tamil, Tatar, Telugu, Thai, Turkish, Turkmen, Ukrainian, Urdu, Uyghur, Uzbek, Vietnamese, Welsh, Xhosa, Yiddish, Yoruba, Zulu, Language translation.
- suck
- εισαι μαλακας
- why you send the commercial invoice and
- individuality
- ในหลวงคือพ่อของแผ่นดิน
- είσαι μαλάκας
- Bạn hãy thực hiện như tôi bảo
- barely
- Bời vì tôi muốn mọi thức cần phải thanh
- Я люблю тебя Катюша!!!
- ฉันจะกอดคุณให้แน่น
- i barely have better one
- Ký tên và đóng dấu
- เพื่อนฉัน
- I will hug you tight.
- я люблю тебя
- เหลืออีกแค่ 3 วัน ที่ฉันต้องไปทำงาน
- กะเทยอ้วย
- Specifically we are looking for small an
- i already own the best one
- อีกแค่ 3 วัน ที่ฉันต้องไปทำงาน
- i already own
- sults (English) 2:I will hug you, warm
- striking
