A Study On The Cloud Hypervisor ESXi Security Vulnerability Analysis Standard

클라우드 하이퍼바이저 ESXi 보안 취약점 진단 기준에 관한 연구

  • Kim, Sun-Jib (Division of Information Technology, Hansei University) ;
  • Heo, Jin (Dept. of ICT Environmental Engineering, Hansei University)
  • 김선집 (한세대학원 IT학부) ;
  • 허진 (한세대학교 ICT환경공학과 대학원)
  • Received : 2020.07.20
  • Accepted : 2020.09.14
  • Published : 2020.09.30


The cloud computing industry is regarded as a key element of the ICT industry and an important industry that will be a watershed for the future development of ICT industry. Korea has established the 1st~2nd cloud computing development basic plan to induce the growth of the cloud industry. However, the domestic information security guide provides technical vulnerability analysis criteria for Unix and Windows servers, DBMS, network equipment, and security equipment, but fails to provide vulnerability analysis criteria for hypervisors that are key elements of cloud computing. Organizations that have deployed cloud systems will be able to assist in vulnerability analysis using the criteria presented in this paper.


  1. J.Y.Kim, "Self-diagnosis of Suitability for the Introduction of Cloud Services in the Public Sector and a Guidebook for the Introduction of Each," TTA, p.15, 2016.
  2. W.Y.Kang, "Recent Cloud Computing Service Trends," NET Term, p.22, 2013.
  3. Gartner, 2019[Internet],
  4. Gartner, 2019[Internet],
  5. S.W.Ahn, "Policy and Direction for Enabling Cloud Computing in Korea," SPRi, pp.1-6, 2019.
  6. M.S.Kang, "Cloud Computing Market Trends and Prospects," KDB Monthly News, Vol.1, No.758, 2019.
  7. "2019 Current State of Domestic Cloud Adoption," Bespin Global, p.19, 2019.
  8. "State of Hybrid Cloud Security," FireMon, p.12, 2019.
  9. "Untangling the Web of Cloud Security Threats," TrendMicro, p.34, 2020.
  10. "Detailed Guide on the Analysis and Evaluation of Vulnerabilities in Major Information and Communication Infrastructure," KISA, p.3, 2017.
  11. "ISMS-P Certification Criteria Guide," KISA, p.175, 2019.
  12. "Guide to Evaluation Criteria for Security Vulnerability of Electronic Financial Infrastructure," FSI p.11, 2020.
  13. "Ministry of Science and ICT public notice 2017-7," MSIT, 2017.
  14. "International Standard ISO/IEC 27017," ISO/IEC p.26, 2015.
  15. "Cloud Security Guide," KISA, p.49, 2017.
  16. ETNews, 2019[Internet],