Designing an efficient framework for vulnerability assessment and patching (VAP) in virtual environment of cloud computing

Abstract

With the rapid growth of virtualization-based computing technologies, the demand of better security for virtualization is increased. For cloud IaaS providers, it is important to offer secured and vulnerability-free resources to the users for improving the quality of service. The research has shown that virtual machine (VM) created from the VM image contains vulnerabilities which can lead to serious security risks. The traditional in-VM vulnerability scanners require the user to maintain the VM scanning and patching software. In addition, scanning a VM at runtime is time-consuming and may require to pause the VM for specific time. We explore the feasibility of implementing risk assessment of a VM at entry level with negligible delay in VM provisioning. In this paper, we design an automated vulnerability assessment and patching framework for VMs. It finds the highly severe vulnerabilities through proper analysis of vulnerabilities and patch them. In addition, the VM risk is analyzed based on the unpatched vulnerabilities and high-risk VM undergo for the continuous monitoring. We validate the feasibility of the proposed framework on cloud test bed at NIT Goa by performing different experiments about vulnerability assessment and patching.