A host-based security assessment architecture for effective leveraging of shared knowledge

K-REx Repository

Show simple item record

dc.contributor.author Rakshit, Abhishek
dc.date.accessioned 2009-03-16T15:08:06Z
dc.date.available 2009-03-16T15:08:06Z
dc.date.issued 2009-03-16T15:08:06Z
dc.identifier.uri http://hdl.handle.net/2097/1296
dc.description.abstract Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present on a host. Legitimate concerns arise since host-based security scanners typically need to run at administrative privileges, and takes input from external knowledge sources for the analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or carries one or more vulnerability itself. It is not easy to incorporate new security analysis tools and/or various security knowlege- bases in the conventional approach, since this would entail installing new agents on every host in the enterprise network. This report presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. At the same time, the architecture also allows for leveraging third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent in its ability to comprehensively leverage third-party security knowledge, and is flexible to support various higher-level security analysis.
dc.language.iso en_US en
dc.publisher Kansas State University en
dc.subject Vulnerability analysis en
dc.subject Network security en
dc.title A host-based security assessment architecture for effective leveraging of shared knowledge en
dc.type Report en
dc.description.degree Master of Science en
dc.description.level Masters en
dc.description.department Department of Computing and Information Sciences en
dc.description.advisor Xinming (Simon) Ou en
dc.subject.umi Computer Science (0984) en
dc.date.published 2009 en
dc.date.graduationmonth May en

Files in this item


Files Size Format View

This item appears in the following Collection(s)

Show simple item record