Exploring the automatic identification and resolution of software vulnerabilities in grid-based environments

Muhammad, Jan (2013) Exploring the automatic identification and resolution of software vulnerabilities in grid-based environments. PhD thesis, University of Glasgow.

Abstract

Security breaches occur due to system vulnerabilities, which arise for numerous reasons, including erroneous design (human errors) and management or implementation errors. Vulnerabilities are the weaknesses that allow an attacker to violate the integrity of a system. To address this, system administrators and security professionals typically employ tools to determine the existence of vulnerabilities. Security breaches can be dealt with through reactive or proactive methods. Reactive approaches are passive: when a breach occurs, site administrators respond by providing damage control, tracking down how the attacker got in, resolving the vulnerability and fixing the system. Proactive approaches, on the other hand, preemptively discover and fix vulnerabilities in systems and networks before attacks can occur.

For many research and business areas, organizations need to collaborate with peers by sharing their resources (storage servers, clusters, databases etc). This is often achieved through the formation of Virtual Organisations (VO). For the successful operation of such endeavors, security is a key issue and system configuration is vital. A faulty or incomplete configuration of a given site can hinder its normal operation and indeed be a threat to the whole VO. Management of such infrastructures is complex, since it should ideally address the overall configuration and management of a dynamic set of VO-specific resources across multiple sites, as well as the configuration and management of the underlying infrastructure upon which the VO exists, referred to in this thesis as the fabric.

This thesis investigates the feasibility of using a proactive approach towards detecting vulnerabilities across VO resources. First, it investigates whether vulnerability assessment tools can preemptively help in detecting fabric-level weaknesses. Then it explores how the combination of advanced authorisation infrastructures with configuration management tools can allow distributed site administrators to address the challenges associated with vulnerabilities. The primary contribution of this work is a novel approach to vulnerability management which addresses the specific challenges facing VO-wide security and the incorporation of fabric management security considerations.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Keywords: Configuration management, vulnerability assessment, virtual organisation, grid
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Colleges/Schools: College of Science and Engineering > School of Computing Science
Funder's Name: UNSPECIFIED
Supervisor's Name: Sinnott, Prof. Richard
Date of Award: 2013
Depositing User: Dr Jan Muhammad
Unique ID: glathesis:2013-4398
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 18 Jun 2013 09:00
Last Modified: 18 Jun 2013 09:00
URI: http://theses.gla.ac.uk/id/eprint/4398
