CFP last date
20 January 2025
Reseach Article

Rapid and Proactive Approach on Exploration of Vulnerabilities in Cloud based Operating Systems

by S. Ramachandran, A. Ramachandran
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 42 - Number 3
Year of Publication: 2012
Authors: S. Ramachandran, A. Ramachandran
10.5120/5675-7711

S. Ramachandran, A. Ramachandran . Rapid and Proactive Approach on Exploration of Vulnerabilities in Cloud based Operating Systems. International Journal of Computer Applications. 42, 3 ( March 2012), 37-44. DOI=10.5120/5675-7711

@article{ 10.5120/5675-7711,
author = { S. Ramachandran, A. Ramachandran },
title = { Rapid and Proactive Approach on Exploration of Vulnerabilities in Cloud based Operating Systems },
journal = { International Journal of Computer Applications },
issue_date = { March 2012 },
volume = { 42 },
number = { 3 },
month = { March },
year = { 2012 },
issn = { 0975-8887 },
pages = { 37-44 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume42/number3/5675-7711/ },
doi = { 10.5120/5675-7711 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:30:33.653604+05:30
%A S. Ramachandran
%A A. Ramachandran
%T Rapid and Proactive Approach on Exploration of Vulnerabilities in Cloud based Operating Systems
%J International Journal of Computer Applications
%@ 0975-8887
%V 42
%N 3
%P 37-44
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These assets can be dynamically reconfigured to adjust to a variable scale, allowing also for optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the infrastructure provider by means of customized service level agreement (SLA). Cloud computing was originally designed for dealing with problems involving large amounts of data and/or compute-intensive applications. The vulnerabilities inherent in the Cloud systems should be addressed so they can be eliminated before exploited by malicious software or hackers. Our approach plays a major role in detecting and managing vulnerabilities present in the Cloud infrastructure. Implementation of this methodology proves to be cost effective and saves analyzing time.

References
  1. Antunes, J. ; Neves, N. ; Correia, M. ; Verissimo, P. ; Neves, R. ; Vulnerability Discovery with Attack Injection, 2010, vol. 36, pp. 357 - 370
  2. Citadel™ Security Software Inc. https://hercules. citadel. com/docs/301VulGuide. pdf,Pagevisited 051104.
  3. Vulnerability Assessments: http://www. bitpipe. com/tlist/Vulnerability-Assessments. html
  4. IBM Security product Information Center http://documents. iss. net/whitepapers/nva. pdf.
  5. Zero-day attack : http://en. wikipedia. org/wiki/Zero-day_exploit, page visited 061203.
  6. DATABASE
  7. Security Technical Implementation Guide : www. databasesecurity. com/dbsec/database-stig-v7r1. pdf.
  8. Oracle Database Listener Security Guide : www. integrigy. com/. . . /Integrigy_Oracle_Listener_TNS_Security. pdf.
  9. B. Marick, The craft of software testing, Prentice Hall. 1995.
  10. I. V. Krsul, Software Vulnerability Analysis, PhD Thesis, Purdue University, 1998.
  11. Search security: www. symantec. com/connect/articles/vulnerability-assessment-survey.
  12. vulnerability analysis (vulnerability assessment); http://searchsecurity. techtarget. com/sDefinition/0, , sid14_gci1176511, 00. html
  13. R. Fussell, Vulnerability Assessment: Network based versus host based, Technical report, SANS Institute, 2002.
  14. Corregedor, M. ; Von Solms, S. ; "Implementing rootkits to address operating system vulnerabilities", Information Security South Africa (ISSA), 2011, pp. 1-8.
  15. Lee, S. C. ; Davis, L. B. ; "Learning from experience: operating system vulnerability trends", IT Professional , 2003, vol. 5, pp. 17-24.
  16. Jihong Song; Guiying Hu; QuanSheng Xu; "Operating System Security and Host Vulnerability Evaluation", Management and Service Science, 2009. MASS '09. International Conference, 2009, pp. 1-4.
  17. Butt, S. ; Ganapathy, V. ; Swift, M. M. ; Chih-Cheng Chang; "Protecting Commodity Operating System Kernels from Vulnerable Device Drivers", Computer Security Applications Conference, 2009. ACSAC '09. Annual , pp. 301-310.
  18. Alhazmi, O. H. ; Malaiya, Y. K. ; "Application of Vulnerability Discovery Models to Major Operating Systems", Reliability, IEEE Transactions, 2008, vol. 57, pp. 14-22.
  19. Shumei Liu; "Research of operating system virus defense strategy", Computer Science and Service System (CSSS), 2011 International Conference, 2011, pp. 3419-3421.
  20. A. Kieyzun, P. J. Guo, K. Jayaraman, and M. D. Ernst. "Automatic creation of SQL injection and cross-site scripting attacks", Proceedings of the 2009 IEEE 31st International Conference on Software Engineering, pp. 199-209, 2009.
  21. C. Cachin and S. Tessaro. "Optimal resilience for erasure-coded Byzantine distributed storage. " Distributed Computing, pp. 497-498, 2005.
  22. C. Cowan, P. Wagle, C. Pu, S. Beattie and J. Walpole. "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade," oasis, pp. 227, Foundations of Intrusion Tolerant Systems (OASIS'03), 2003.
  23. E. Levy and I. Arce. "New threats and attacks on the world wide web. " IEEE Security & Privacy, pp. 234-266, 2006
  24. Callegati, W. Cerroni, and M. Ramilli. "Man-in-the-Middle Attack to the HTTPS Protocol," IEEE Security and Privacy, vol. 7, no. 1, pp. 78-81, Jan. /Feb. 2009, doi:10. 1109/MSP. 2009. 12
  25. I. M. Abbadi and M. Alawneh. "Replay Attack of Dynamic Rights within an Authorised Domain," securware, pp. 148-154, 2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009.
  26. J. Antunes, N. F. Neves, and P. J. Ver. "Detection and Prediction of Resource-Exhaustion Vulnerabilities" issre, pp. 87-96, 2008 19th International Symposium on Software Reliability Engineering, 2008.
  27. J. Lee, M. Tehranipoor, C. Patel and J. Plusquellic. "Securing Designs against Scan-Based Side-Channel Attacks. " IEEE transactions on dependable and secure computing, vol. 4, no. 4, pp. 325-336, 2007.
  28. K. , Driscoll, B. Hall, H. Sivencrona, and P. Zumsteg. "Byzantine fault tolerance, from theory to reality. " Computer Safety, Reliability, and Security, vol. 2788, pp. 235-248, 2003, doi: 10. 1007/b12002
  29. M. D. Preda, M. Christodorescu, S. Jha, and S. Debray. "A semantics-based approach to malware detection. ", ACM Transactions on Programming Languages and Systems (TOPLAS), vo. 30, no. 5, pp. 25, 2008
  30. M. F. Mergen, V. Uhlig, O. Krieger and J. Xenidis. "Virtualization for high-performance computing. " ACM SIGOPS Operating Systems Review, vol. 40, no. 2, pp. 11, 2006.
  31. M. McIntosh and P. Austel. "XML signature element wrapping attacks and countermeasures", Proceedings of the 2005 workshop on secure web services, pp. 20-27, 2005.
  32. M. T. Louw, J. S. Lim, and V. N. Venkatakrishnan. "Enhancing web browser security against malware extensions. " Journal in Computer Virology, vol. 4, no. 3, pp. 179-195, 2008.
  33. N. Gruschka and L. Iacono. "Vulnerable Cloud: SOAP Message Security Validation Revisited", IEEE International Conference on Web Services, pp. 625-631, 2009.
  34. Grobauer, B. ; Walloschek, T. ; Stocker, E. ; "Understanding Cloud Computing Vulnerabilities" Vol: 9 Issue:2,pp. 50 - 57 ,2011.
  35. Jeffrey R. Jones, "Estimating Software Vulnerabilities," IEEE Security & Privacy, vol. 5, no. 4, 2007, pp. 28-32
  36. R. Kompella, S. Singh and G Varghese. "On Scalable Attack Detection in the Network. " IEEE/ACM TRANSACTIONS ON NETWORKING vol. 15, no. 1, 2007.
  37. R. Syahputri and M. Hasibuan. "Security in Wireless LAN Attacks and Countermeasures", SNATI, pp. 54-78, 2009.
  38. S. C. Wang, K. Q. Yan, S. S. Wang and C. P. Huang. "Achieving high efficient agreement with malicious faulty nodes on a cloud computing environment", Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human, pp. 468-473, 2009.
  39. S. King and P. Chen. "SubVirt: Implementing malware with virtual machines", IEEE Symposium on Security, pp. 1-14, 2006
  40. W. Liu. "Research on DoS Attack and Detection Programming", IITA, pp. 207-210, 2009.
  41. W. Speirs. "Making the kernel responsible: a new approach to detecting & preventing buffer overflows", Proceedings of the Third IEEE International Workshop on Information Assurance, pp. 21-32, 2005.
  42. X, Fu and K. Qian. "SAFELI: SQL injection scanner using symbolic execution", Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications, pp. 34-39, 2008.
  43. Z. Chen and X. Yan. "Hardware Solution for Detection and Prevention of Buffer Overflow Attacks in CPU Micro-architecture. " RESEARCH AND PROGRESS OF SSE, vol. 26, no. 2 pp. 214-219, 2006.
  44. F. Leu and Z. Li. "Detecting DoS and DDoS Attacks by Using an Intrusion Detection and Remote Prevention System", IEEE Conference and Exposition, pp. 1-15, 2009.
  45. S. , Subashini, V. Kavitha. "A survey on security issues in service delivery models of cloud computing". Journal of Network and Computer Applications, vol. 34, pp. 1-11, 2011.
  46. S. , Brohi, M. , Bamiah, "Challenges and Benefits for Adopting the Paradigm of Cloud Computing", International Journal of Advanced Engineering Sciences and Technologies (IJAEST), vol. 8, pp. 286 - 290, 2011.
  47. A. Ramachandran S. Ramachandran, "Rapid and Proactive Approach on Exploration of Database Vulnerabilities", International Journal on Computer Science and Engineering vol. 4, pp. 224 - 234, 2011.
Index Terms

Computer Science
Information Sciences

Keywords

Cloud Computing Cloud Security Cloud Legal Issues Cloud Storage Security Implications Architecture Implementation Exploitation Vulnerabilities