By Topic

Checking Running and Dormant Virtual Machines for the Necessity of Security Updates in Cloud Environments

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Schwarzkopf, R. ; Dept. of Math. & Comput. Sci., Univ. of Marburg, Marburg, Germany ; Schmidt, M. ; Strack, C. ; Freisleben, B.

A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines to customers to execute their software remotely. While giving full super user permissions eases the installation and use of a customer's software, it may lead to security issues. Providers usually delegate the task of keeping virtual machines up to date to the customer, while the customer expects the provider to perform this task. Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest software vulnerabilities. The approach presented in this paper deals with this problem by helping users as well as providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually outdated. While this task seems trivial, developing a solution that takes care of multiple, different software repositories and identifies the correct packages is a challenging task. The Update Checker presented in this paper identifies outdated software packages in virtual machines, even if the virtual machines are installed with different repositories. The paper presents the design, the implementation and an experimental evaluation of the approach.

Published in:

Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on

Date of Conference:

Nov. 29 2011-Dec. 1 2011