A Study On The Cloud Hypervisor ESXi Security Vulnerability Analysis Standard


  • Kim, Sun-Jib (Division of Information Technology, Hansei University)
  • Heo, Jin (Dept. of ICT Environmental Engineering, Hansei University)
  • Received : 2020.07.20
  • Accepted : 2020.09.14
  • Published : 2020.09.30


The cloud computing industry is regarded as a key element of the ICT industry and as an important field that will be a watershed for the industry's future development. Korea has established the 1st and 2nd basic plans for cloud computing development to encourage the growth of the cloud industry. However, the domestic information security guide provides technical vulnerability analysis criteria for Unix and Windows servers, DBMS, network equipment, and security equipment, but does not provide vulnerability analysis criteria for hypervisors, which are a key element of cloud computing. Organizations that have deployed cloud systems can use the criteria presented in this paper to help with their vulnerability analysis.



