
National Chengchi University

Figure 5-1 The Pakiti client cron script.

5.2 Pakiti Server

Since the EGI CSIRT Pakiti server authenticates users over HTTPS with client certificates, a personal certificate must be imported into the browser in advance and its Distinguished Name (DN) registered in the Access Control List (ACL) of the EGI CSIRT Pakiti server. The user logs in with a personal certificate whose DN has the form "C=TW/O=AS/OU=GRID/CN=Chen Yi Chien 124172", and the server grants access only if that DN matches an ACL entry. After reaching the main page, hosts can be searched by the classifications in the top toolbar. Here hosts are searched by site, with the country Taiwan chosen from the pull-down menus; the page then lists all current sites registered with Taiwan as their country (see Figure 5-2). If a host's security patches are out of date, a warning in red is displayed to alert security staff. Only vulnerable hosts appear on this list, not all hosts, which lets security staff spot problems immediately.
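The DN-based access control described above, as an added illustration that is not part of the thesis or of Pakiti's own code: the server must compare the subject DN of the presented client certificate against the registered ACL entries. The point worth showing is that the same DN appears in different string forms (the slash-separated OpenSSL form used in the text and the comma-separated RFC 2253 form, which lists the components in the opposite order), so the check should normalize both before comparing whole DNs. The ACL entry and the DNs below are constructed from the example in the text; it is assumed that attribute values contain no escaped separators.

```python
"""Normalize certificate subject DNs and check them against an ACL.

Added example, not Pakiti's code. Assumption: simple DNs without escaped
',' or '/' inside attribute values, as is typical for grid user certificates.
"""
from typing import Tuple

DN = Tuple[Tuple[str, str], ...]   # ((ATTR, value), ...) in root-first order


def parse_dn(dn: str) -> DN:
    """Return the DN as a root-first tuple of (ATTR, value) pairs.

    Accepts the OpenSSL one-line form '/C=TW/O=AS/OU=GRID/CN=...' (with or
    without the leading slash, and with optional spaces after the slashes
    as written in the text) and the RFC 2253 form 'CN=...,OU=GRID,O=AS,C=TW',
    which lists the leaf component first and is therefore reversed here.
    """
    s = dn.strip()
    if "/" in s:
        parts = s.lstrip("/").split("/")
    else:
        parts = list(reversed(s.split(",")))          # RFC 2253: leaf first
    pairs = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return tuple(pairs)


# Constructed ACL holding the single DN quoted in the text.
ACL = {parse_dn("/C=TW/O=AS/OU=GRID/CN=Chen Yi Chien 124172")}


def is_authorized(subject_dn: str, acl=ACL) -> bool:
    """True only if the whole normalized DN is registered. A substring
    match (e.g. on the CN alone) would be satisfied by a crafted subject."""
    try:
        return parse_dn(subject_dn) in acl
    except ValueError:
        return False


if __name__ == "__main__":
    for dn in ("C=TW/ O=AS/ OU=GRID/ CN=Chen Yi Chien 124172",
               "CN=Chen Yi Chien 124172,OU=GRID,O=AS,C=TW",
               "/C=TW/O=AS/OU=GRID/CN=Unregistered User"):
        print(f"{dn!r}: {'allowed' if is_authorized(dn) else 'denied'}")
```

A DN match is only as strong as the set of certificate authorities the HTTPS server accepts: any CA can issue a certificate carrying an arbitrary subject, so the web server must be configured to trust only the grid CAs (and to require a client certificate) before the DN is consulted at all.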

Figure 5-2 Host list on the Pakiti server, sorted by country.


For more details on a vulnerable site, click the site name. In Figure 5-3, puppetmaster is a host with 2 security vulnerabilities and 5 related CVE entries.

Clicking the hostname opens the security patch warnings shown in Figure 5-4: all CVE numbers affecting this host and all the vulnerable packages that need to be updated.

In this case, five CVEs (CVE-2010-2761, CVE-2010-4410, CVE-2011-1487, CVE-2011-2939 and CVE-2011-3597) affect the puppetmaster host. The affected packages are listed on the left; several Perl packages need to be updated. Clicking CVE-2010-2761 shows the package names and versions in Figure 5-5.

The Pakiti server also provides, for each CVE, a link to the vendor's official CVE page so that security staff can look up the fix. For example, clicking the bold CVE-2010-2761 link at the top opens the corresponding Red Hat page. In Figure 5-6, the entries for CVE-2010-2761 and CVE-2010-4410 indicate the related Perl packages on our host that need updating; the page provides the bug information and the RPMs to download for the update.

Figure 5-3 Security events and CVE statistics.


Figure 5-4 All vulnerable CVEs on the puppetmaster host.

 

Figure 5-5 Package names and versions for CVE-2010-2761.

Figure 5-6 CVE-2010-2761 and CVE-2010-4410 on the Red Hat website.


In the above case, the Pakiti client software is installed on a local host (puppetmaster) and the EGI CSIRT Pakiti server monitors the vulnerable sites. For this experiment no security patches were applied in advance, so the patches on puppetmaster were expected to be out of date. Once the Pakiti server collected the client report and published it on its website, puppetmaster appeared on the list and the server provided CVE details for finding the fixes to these patch problems.
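The comparison the Pakiti server performs for each reported host, as an added example that is not the thesis's or Pakiti's own code: the client report is the host's installed package list (as produced by rpm -qa with a query format), and the server flags every package that is installed below the build that fixes a CVE, using RPM's epoch:version-release (EVR) ordering. The host reports and the advisory table below are constructed sample data; in particular the "fixed" EVRs are placeholders for the CVEs named in the text, not the real Red Hat advisory versions, and rpmvercmp is a simplified reimplementation that omits some corner cases of the real one.

```python
r"""Pakiti-style patch-status check over rpm package reports.

Added example, not Pakiti's code. The reports and the advisory table are
CONSTRUCTED sample data; the fixing EVRs are placeholders, not real advisories.
"""
import re
from typing import Dict, List, Tuple

EVR = Tuple[int, str, str]               # (epoch, version, release)
Advisory = Tuple[str, str, str]          # (cve, package, fixing EVR string)
_SEG = re.compile(r"\d+|[A-Za-z]+|~")    # rpm compares alphanumeric segments


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp(): returns -1, 0 or 1. Numeric segments compare
    as integers, alphabetic ones lexically, numeric beats alphabetic, and a
    tilde (pre-release marker) sorts before anything, even end of string."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    longer_is_a = len(sa) > len(sb)
    rest = sa[len(sb):] if longer_is_a else sb[len(sa):]
    if rest[0] == "~":                    # '1.0~rc1' < '1.0'
        return -1 if longer_is_a else 1
    return 1 if longer_is_a else -1       # '1.0.0a' > '1.0.0'


def parse_evr(evr: str) -> EVR:
    """'4:5.10.1-119.el6_1.1' -> (4, '5.10.1', '119.el6_1.1'); epoch defaults to 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.rpartition("-")
    return epoch, version, release


def evr_cmp(a: EVR, b: EVR) -> int:
    """Epoch first, then version, then release, as rpm does."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def fmt_evr(evr: EVR) -> str:
    return f"{evr[0]}:{evr[1]}-{evr[2]}"


def parse_report(text: str) -> Dict[str, EVR]:
    """Parse a client report of 'NAME EPOCH VERSION RELEASE ARCH' lines, i.e.
    the output of rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n'
    (rpm prints '(none)' when a package has no epoch)."""
    pkgs: Dict[str, EVR] = {}
    for line in text.strip().splitlines():
        name, epoch, version, release, _arch = line.split()
        pkgs[name] = (0 if epoch == "(none)" else int(epoch), version, release)
    return pkgs


def open_cves(installed: Dict[str, EVR],
              advisories: List[Advisory]) -> Dict[str, List[Tuple[str, str, str]]]:
    """{cve: [(package, installed EVR, fixing EVR), ...]} for every advisory
    whose package is present on the host at an EVR below the fixing one."""
    hits: Dict[str, List[Tuple[str, str, str]]] = {}
    for cve, pkg, fixed in advisories:
        if pkg not in installed:
            continue                       # not installed: not affected
        if evr_cmp(installed[pkg], parse_evr(fixed)) < 0:
            hits.setdefault(cve, []).append((pkg, fmt_evr(installed[pkg]), fixed))
    return hits


def vulnerable_hosts(reports: Dict[str, str],
                     advisories: List[Advisory]) -> Dict[str, List[str]]:
    """The Pakiti host list: only hosts with at least one open CVE appear."""
    out: Dict[str, List[str]] = {}
    for host, text in reports.items():
        hits = open_cves(parse_report(text), advisories)
        if hits:
            out[host] = sorted(hits)
    return out


# Constructed advisory table: (CVE named in the text, package, fixing EVR).
# The fixing EVRs are PLACEHOLDERS for this example, not Red Hat's real values.
ADVISORIES: List[Advisory] = [
    ("CVE-2010-2761", "perl", "4:5.10.1-119.el6_1.1"),
    ("CVE-2010-4410", "perl", "4:5.10.1-119.el6_1.1"),
    ("CVE-2011-1487", "perl", "4:5.10.1-119.el6_1.1"),
    ("CVE-2011-2939", "perl", "4:5.10.1-119.el6_1.1"),
    ("CVE-2011-3597", "perl", "4:5.10.1-119.el6_1.1"),
]

# Constructed client reports; puppetmaster carries an older perl build.
REPORTS = {
    "puppetmaster": "perl 4 5.10.1 115.el6 x86_64\nbash (none) 4.1.2 8.el6 x86_64\n",
    "patched-host": "perl 4 5.10.1 119.el6_1.1 x86_64\nbash (none) 4.1.2 8.el6 x86_64\n",
}

if __name__ == "__main__":
    for host, cves in vulnerable_hosts(REPORTS, ADVISORIES).items():
        print(host, cves)
        for cve, pkgs in open_cves(parse_report(REPORTS[host]), ADVISORIES).items():
            for pkg, have, need in pkgs:
                print(f"  {cve}: {pkg} installed {have}, fixed in {need}")
```

The epoch matters: a naive string comparison of "5.10.1-115.el6" against "5.10.1-119.el6_1.1" happens to give the right answer here, but it breaks on releases such as "9.el6" versus "10.el6" and ignores epochs entirely, which is why Pakiti-style checks must use RPM's own ordering rather than lexical order.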

In conclusion, Pakiti provides a way to keep security patches up to date; accordingly, the Pakiti client should be installed on physical and virtual machines when they are registered in the VMIC system. This improvement lets machines in VMIC receive the latest patches. Before users download virtual machine images from VMIC, the Pakiti server has already monitored their patch status and reported to security staff, so that the virtual machine images in VMIC can be kept safe.

The purpose of this research is to show that Pakiti improves security in VMIC through security patch monitoring. However, not all physical or virtual machines are in a running state, and security staff should pay particular attention to those dormant machines.

To ensure that all virtual machine images can withstand attacks, an offline patching tool such as Nuwa should be applied to monitor the state of dormant machines. Nuwa differs from the Pakiti server in that it checks security patches while images are being registered in VMIC. When images and image lists are subscribed to with the HEPiX tool and registered in VMIC, all image files are stored in the VMIC file system. Nuwa then performs safety analysis and script rewriting in the VMIC file system (OpenStack Swift), so it can trace offline virtual machine images and update their security patches in time. As a result, Nuwa examines not only online virtual machines but also offline virtual machines in the current VMIC environment. In addition, a friendly web interface for VMIC is needed, through which both users and image administrators can search for and manage virtual machines.

Several enhancements to VMIC are in progress. OpenStack has its own dashboard, Horizon [49], which connects to all OpenStack components via their APIs. VMIC could be integrated with the OpenStack dashboard as a web-service-based system and provide identity management services, since user accounts and passwords are required for authentication and authorization [50] [51] [52]. Better still, one-time password authentication, which uses dynamic passwords, would strengthen password security [53]. Once the VMIC web interface offers a login with user accounts and passwords, a secure password recovery scheme becomes essential to protect users' sensitive information and keep out malicious attackers [54] [55] [56].


In future work, security staff must strengthen offline patch management, identity management and password recovery schemes in VMIC.


7 Conclusion

This paper has investigated security improvements to the current VMIC system that strengthen its patch management and monitoring against malicious attacks. Pakiti collected patch reports from its clients and published them via web pages, so security staff could track the patch status of all virtual machines promptly and update them. According to the results, Pakiti was able to monitor a large number of machines effectively without overloading the servers. In addition, Pakiti is open source and can be customized for a customer's existing environment. Although VMIC's security functions have been partially improved, some security subjects still need further research, for instance offline patch management, identity management and password recovery schemes. Future research will focus on these security improvements.

[1] Cloud computing. http://en.wikipedia.org/wiki/Cloud_computing.

[2] M. Armbrust, A. Fox, R. Griffith, et al. 2009. Above the Clouds: A Berkeley View of Cloud Computing. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html.

[3] I. Foster, Y. Zhao, I. Raicu, S. Lu. 2008. Cloud Computing and Grid Computing 360-Degree Compared. Grid Computing Environment Workshop.

[4] P. Mell, T. Grance. 2011. Effectively and Securely Using the Cloud Computing Paradigm. The National Institute of Standards and Technology.

[5] Cloud computing security. http://en.wikipedia.org/wiki/Cloud_computing_security.

[6] Virtualization. http://en.wikipedia.org/wiki/Virtualization.

[7] Chen Ying. 2010. 雲端策略 (Cloud Strategy). Taipei: 天下 (CommonWealth).

[8] G. J. Popek, R. P. Goldberg. 1974. Formal Requirements for Virtualizable Third Generation Architectures. Communications of the ACM, Volume 17, Issue 7, Pages 412-421.

[9] Virtual Machine. http://en.wikipedia.org/wiki/Virtual_machine.

[10] KVM. http://www.linux-kvm.org/page/Main_Page.

[11] Kernel-based Virtual Machine. http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine.

[12] Oracle VM VirtualBox. https://www.virtualbox.org/.

[13] Oracle VM VirtualBox. http://en.wikipedia.org/wiki/VirtualBox.

[14] VMWare. http://www.vmware.com/.

[15] VMWare. http://en.wikipedia.org/wiki/VMware.

[16] Xen. http://en.wikipedia.org/wiki/Xen.

[17] XEN. http://www.xen.org/.

[18] R. Wartel, T. Cass, B. Moreira, E. Roche, M. Guijarro, S. Goasguen, U. Schwickerath. 2009. Image Distribution Mechanisms in Large Scale Cloud Providers. 2nd IEEE International Conference on Cloud Computing Technology and Science.

[19] Academia Sinica Grid Center (ASGC). http://www.twgrid.org/en/.

[20] Distributed Cloud of ASGC. 2012. The International Symposium on Grid Computing.

[21] The High Energy Physics Unix Information Exchange. https://www.hepix.org/.

[22] The HEPiX Virtualisation Working Group. http://w3.hepix.org/virtualization/.

[23] StratusLab. http://stratuslab.eu/doku.php/start.

[24] M. Vliet, A. Agarwal, M. Anderson, P. Armstrong, A. Charbonneau, K. Fransham, I. Gable, D. Harris, R. Impey, C. Leavett-Brown, M. Paterson, W. Podaima, R. J. Sobie. 2011. Repoman: A Simple RESTful X.509 Virtual Machine Image Repository. International Symposium on Grid and Clouds and Open Grid Forum 31.

[25] EGI European Grid Infrastructure. http://www.egi.eu/.

[26] EGI Strategy and Policy. http://www.egi.eu/about/policy/index.html.

[27] Security Policy For The Endorsement and Operation of Virtual Machine Images. https://documents.egi.eu/document/771.

[28] L. Zhang, D. Zhang et al., 2010. Live Digital Forensics in a Virtual Machine. International Conference on Computer Application and System Modeling.

[29] HEPiX Virtualisation Working Group report.

[30] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning. 2009. Managing Security of Virtual Machine Images in a Cloud Environment. CCSW.

[31] W. A. Jansen (NIST). 2011. Cloud Hooks: Security and Privacy Issues in Cloud Computing. The 44th Hawaii International Conference on System Sciences.

[32] Scientific Linux CERN6. http://linux.web.cern.ch/linux/scientific6/.

[33] OpenStack. http://www.openstack.org/.

[34] U. Schwickerath, B. Moreira, J. Chien, V. Sharma. 2011. CloudMan and VMIC projects overview. HEPiX Fall.

[35] DESY. http://www.desy.de/index_eng.html.

[36] BitTorrent. http://en.wikipedia.org/wiki/BitTorrent.

[37] Keystone. http://docs.openstack.org/developer/keystone/.

[38] D. Hyde. 2009. A Survey on the Security of Virtual Machines.

[39] Patch (computing). http://en.wikipedia.org/wiki/Patch_(computing).

[40] M. Prochazka, D. Kouril, R. Wartel, C. Kanellopoulos, C. Triantafyllidis. 2011. A Race for Security: Identifying Vulnerabilities on 50 000 Hosts Faster than Attackers, in Proceedings of Science (PoS). International Symposium on Grid and Clouds.

[41] Pakiti. http://pakiti.sourceforge.net/.

[42] The MITRE Corporation. Open Vulnerability and Assessment Language. http://oval.mitre.org/language/.

[43] MITRE. http://www.mitre.org/.

[44] Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org/.

[45] M. Ma, M. Prochazka, D. Kouril et al. 2012. EGI Security Monitoring, in Proceedings of Science (PoS). International Symposium on Grid and Clouds.

[46] Nagios. http://www.nagios.org/.

[47] W. Zhou, P. Ning, X. Zhang et al. 2010. Always Up-to-date-Scalable Offline Patch of VM Images in a Compute Cloud. ACSAC.


[48] Chroot. http://en.wikipedia.org/wiki/Chroot.

[49] Horizon. http://docs.openstack.org/developer/horizon/.

[50] B. Ross, C. Jackson, et al. 2005. Stronger Password Authentication Using Browser Extensions. USENIX Security Symposium.

[51] A. Choudhury, P. Kumar et al. 2011. A Strong User Authentication Framework for Cloud Computing. IEEE Asia-Pacific Services Computing Conference.

[52] R. Warschofsky, M. Menzel, C. Meinel. 2011. Automated Security Service Orchestration for the Identity Management in Web Service based Systems. IEEE Asia-Pacific Services Computing Conference.

[53] S. Luo, J. Hu and Z. Chen. 2009. An Identity-Based One-Time Password Scheme with Anonymous Authentication. International Conference on Networks Security, Wireless Communications and Trusted Computing.

[54] L. Jin, H. Takabi, J. Joshi. 2010. Security and Privacy Risks of Using E-mail Address as an Identity. IEEE International Conference on Social Computing, pp. 906-913.

[55] R. W. Reeder. 2011. When the Password Doesn't Work: Secondary Authentication for Websites. IEEE Security & Privacy (The IEEE Computer and Reliability Societies), Volume 9, Issue 2, Pages 43-49.

[56] S. Schechter, S. Egelman, R. Reeder. 2009. It's Not What You Know, But Who You Know: A Social Approach to Last-Resort Authentication. CHI.
