A host-based security assessment architecture for effective leveraging of shared knowledge
Master of Science === Department of Computing and Information Sciences === Xinming (Simon) Ou === Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effe...
Main Author: | |
---|---|
Language: | en_US |
Published: |
Kansas State University
2009
|
Subjects: | |
Online Access: | http://hdl.handle.net/2097/1296 |
id |
ndltd-KSU-oai-krex.k-state.edu-2097-1296 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-KSU-oai-krex.k-state.edu-2097-12962016-03-01T03:50:00Z A host-based security assessment architecture for effective leveraging of shared knowledge Rakshit, Abhishek Vulnerability analysis Network security Computer Science (0984) Master of Science Department of Computing and Information Sciences Xinming (Simon) Ou Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present on a host. Legitimate concerns arise since host-based security scanners typically need to run at administrative privileges, and takes input from external knowledge sources for the analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or carries one or more vulnerability itself. It is not easy to incorporate new security analysis tools and/or various security knowlege- bases in the conventional approach, since this would entail installing new agents on every host in the enterprise network. This report presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. At the same time, the architecture also allows for leveraging third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent in its ability to comprehensively leverage third-party security knowledge, and is flexible to support various higher-level security analysis. 2009-03-16T15:08:06Z 2009-03-16T15:08:06Z 2009-03-16T15:08:06Z 2009 May Report http://hdl.handle.net/2097/1296 en_US Kansas State University |
collection |
NDLTD |
language |
en_US |
sources |
NDLTD |
topic |
Vulnerability analysis Network security Computer Science (0984) |
spellingShingle |
Vulnerability analysis Network security Computer Science (0984) Rakshit, Abhishek A host-based security assessment architecture for effective leveraging of shared knowledge |
description |
Master of Science === Department of Computing and Information Sciences === Xinming (Simon) Ou === Security scanning performed on computer systems is an important step to identify and
assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present
on a host. Legitimate concerns arise since host-based security scanners typically need to
run at administrative privileges, and takes input from external knowledge sources for the
analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the
whole system if the scanner is susceptible to, or carries one or more vulnerability itself.
It is not easy to incorporate new security analysis tools and/or various security knowlege-
bases in the conventional approach, since this would entail installing new agents on every
host in the enterprise network. This report presents an architecture where a host-based
security scanner's code base can be minimized to an extent where its correctness can be
verified by adequate vetting. At the same time, the architecture also allows for leveraging
third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an
enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a
host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent
in its ability to comprehensively leverage third-party security knowledge, and is
flexible to
support various higher-level security analysis. |
author |
Rakshit, Abhishek |
author_facet |
Rakshit, Abhishek |
author_sort |
Rakshit, Abhishek |
title |
A host-based security assessment architecture for effective leveraging of shared knowledge |
title_short |
A host-based security assessment architecture for effective leveraging of shared knowledge |
title_full |
A host-based security assessment architecture for effective leveraging of shared knowledge |
title_fullStr |
A host-based security assessment architecture for effective leveraging of shared knowledge |
title_full_unstemmed |
A host-based security assessment architecture for effective leveraging of shared knowledge |
title_sort |
host-based security assessment architecture for effective leveraging of shared knowledge |
publisher |
Kansas State University |
publishDate |
2009 |
url |
http://hdl.handle.net/2097/1296 |
work_keys_str_mv |
AT rakshitabhishek ahostbasedsecurityassessmentarchitectureforeffectiveleveragingofsharedknowledge AT rakshitabhishek hostbasedsecurityassessmentarchitectureforeffectiveleveragingofsharedknowledge |
_version_ |
1718196318811193344 |