PKG-VUL: Security Vulnerability Evaluation and Patch Framework for Package-Based Systems

  • Received: 2008.10.03
  • Accepted: 2009.08.18
  • Published: 2009.10.31

Abstract

In information security and network management, attacks based on known vulnerabilities have grown in importance. Malicious attackers break into hosts using a variety of techniques, and the most common is to exploit a vulnerability that is already publicly known. Although patches for such vulnerabilities have usually been available for a long time, system administrators have generally been reluctant to patch their hosts promptly because they perceive patching as tedious and complex. To address this problem, we propose a security vulnerability evaluation and patch framework called PKG-VUL. It evaluates the software packages installed on each host to decide whether the host is vulnerable and then applies patches to the vulnerable hosts. All of these operations are carried out over the widely used Simple Network Management Protocol (SNMP), so system administrators can manage their vulnerable hosts through PKG-VUL as a module of an SNMP-based network management system. The evaluation results demonstrate the applicability of PKG-VUL and its performance in terms of the criteria we devised.
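The core decision in the framework described above is "is this host vulnerable?", answered by comparing the version of each installed package against the version in which the vulnerability was fixed. The following Python script is an added example written for this page, not code from the PKG-VUL authors: it implements the Debian/Ubuntu package version ordering (epoch, upstream version, revision, with `~` sorting before everything) that such a comparison must use to avoid false results, then evaluates a constructed set of hosts against a constructed advisory list and produces a patch plan. The host and advisory data are invented for illustration and stand in for what a manager would obtain by walking a package MIB over SNMP.

```python
"""Package-based vulnerability evaluation, in the spirit of PKG-VUL (added example)."""


def _order(c: str) -> int:
    """Sort weight of one non-digit character, following the dpkg rules:
    '~' sorts before the end of the string, letters before other symbols."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments (upstream part or revision part)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit runs are compared numerically (leading zeros are ignored).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1          # a has more digits, so it is the larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split 'epoch:upstream-revision' into its three parts."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(v1: str, v2: str) -> int:
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


# Constructed inventory: host -> {package: installed version}, as a manager
# would collect it from a package MIB on each agent (values are made up).
HOSTS = {
    "host-a": {"openssh-server": "1:4.7p1-8ubuntu1", "bash": "3.2-0ubuntu18"},
    "host-b": {"openssh-server": "1:5.1p1-3ubuntu1", "bash": "3.2-0ubuntu18.1"},
}

# Constructed advisories: the first version of each package that is fixed.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "package": "openssh-server", "fixed": "1:5.1p1-3ubuntu1"},
    {"id": "ADV-EXAMPLE-2", "package": "bash", "fixed": "3.2-0ubuntu18.1"},
]


def evaluate_hosts(hosts, advisories):
    """Map each vulnerable host to the list of findings against it.
    A host is vulnerable if it has the package installed at a version older
    than the fixed one; hosts without the package are not affected."""
    findings = {}
    for host, packages in hosts.items():
        for adv in advisories:
            installed = packages.get(adv["package"])
            if installed is None:
                continue
            if compare_versions(installed, adv["fixed"]) < 0:
                findings.setdefault(host, []).append(
                    {"id": adv["id"], "package": adv["package"],
                     "installed": installed, "fixed": adv["fixed"]})
    return findings


def plan_patches(findings):
    """Turn findings into (host, package, target version) upgrade actions."""
    return [(host, f["package"], f["fixed"])
            for host, fs in findings.items() for f in fs]


if __name__ == "__main__":
    for host, package, fixed in plan_patches(evaluate_hosts(HOSTS, ADVISORIES)):
        print(f"{host}: upgrade {package} to {fixed}")
```

The version comparison is where naive implementations go wrong: a string comparison would rank `1.9` above `1.10` and `1.0~rc1` above `1.0`, producing both false alarms and missed vulnerable hosts. The example treats a host as patched only when its installed version is not older than the advisory's fixed version, which is the same criterion the package manager itself applies.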

Cited by

  1. Secure firmware validation and update for consumer devices in home networking vol.62, pp.1, 2016, https://doi.org/10.1109/tce.2016.7448561
  2. Maximum correlation based mutual information scheme for intrusion detection in the data networks vol.189, pp.None, 2022, https://doi.org/10.1016/j.eswa.2021.116089