Skip to main content
SpringerLink
Log in

Policy-Based Vulnerability Assessment for Virtual Organisations

  • Conference paper
Cyberspace Safety and Security (CSS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7672))

Included in the following conference series:

  • 2440 Accesses

Abstract

E-Infrastructures can be used to support e-science and e-research allowing different collaborators from disparate organisations, often from different disciplines and utilising heterogeneous software and hardware, to work together on common research problems. This is typically achieved through the formation of targeted Virtual Organisations (VO). Inter-organisational collaborations also bring challenges of security that must be overcome. There has been much work in e-Research-oriented security, i.e. at the middleware level, but far less on ensuring that middleware-oriented security is not made redundant through ensuring the robustness of the underlying hardware and software (fabric) upon which the e-Research middleware security is based, e.g. the operating systems, network configurations and core software required to support e-Research solutions. To tackle this, an integrated security framework is needed that is cognisant of VO requirements on e-Research middleware-oriented security and incorporates targeted fabric level security. In this paper we present an integrated architecture (ACVAS), which encompasses VO-specific fabric security including configuration-aware security monitoring (patch status monitoring) and vulnerability scanning and subsequent updating. We show how tool support can be used to pre-emptively identify and assess potential vulnerabilities in a VO, before they are potential exploited. We also outline how these vulnerabilities can be dynamically overcome to support the needs of the VO and associated e-Infrastructure to improve the overall VO security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. JISC Virtual Research Environments programme, http://www.jisc.ac.uk/whatwedo/programmes/vre1.aspx

  2. Chadwick, D.W., Otenko, A.: The PERMIS X. 509 role based privilege management infrastructure. Future Generation Computer Systems 19(2), 277–289 (2003)

    Article  Google Scholar 

  3. Alfieri, R., Cecchini, R.L., Ciaschini, V., dell’Agnello, L., Frohner, A., Gianoli, A., Lõrentey, K., Spataro, F.: VOMS, an Authorization System for Virtual Organizations. In: Fernández Rivera, F., Bubak, M., Gómez Tato, A., Doallo, R. (eds.) Across Grids 2003. LNCS, vol. 2970, pp. 33–40. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  4. Lorch, M., et al.: First experiences using XACML for access control in distributed systems. In: Proceedings of the 2003 ACM Workshop on XML Security, pp. 25–37. ACM, Fairfax (2003)

    Chapter  Google Scholar 

  5. Anderson, A.: SAML 2.0 profile of XACML (2004)

    Google Scholar 

  6. Internet2. Internet Shibboleth Technology (2009), http://shibboleth.internet2.edu/

  7. Sinnott, R.O., et al.: Advanced security for virtual organizations: The pros and cons of centralized vs decentralized security models, pp. 106–113 (2008)

    Google Scholar 

  8. Power, R.: 2001 CSI/FBI Computer Crime and Security Survey. Computer Security Institute (2001)

    Google Scholar 

  9. Grid Site Monitoring (2005)

    Google Scholar 

  10. Grid Security Monitoring (2008)

    Google Scholar 

  11. Muncaster, P.: Google hack-attack code hits the web (2010), http://www.securecomputing.net.au/News/164937,google-hack-attack-code-hits-the-web.aspx (June 2012)

  12. Kurtz, G.: Aurora Exploit in Google Attack Now Public (2010), http://blogs.mcafee.com/corporate/cto/dealing-with-operation-aurora-related-attacks (June 2012)

  13. Prince, K.: Malicious Software Defense: Have We Moved Beyond Anti-Virus and Spyware Protection Software? Perimeter eSecurity (2007)

    Google Scholar 

  14. Shostack, A.: Quantifying Patch Management. Secure Business Quarterly III(2) (2003)

    Google Scholar 

  15. Stirparo, P., Shibli, M.A., Muftic, S.: Vulnerability analysis and patches management using secure mobile agents. In: 11th International Conference on Advanced Communication Technology, ICACT 2009 (2009)

    Google Scholar 

  16. Microsoft SMS, http://www.microsoft.com/smserver/default.mspx

  17. An Overview of Vulnerability Scanners (2008), http://www.infosec.gov.hk/english/technical/articles.html

  18. Microsoft software update services, http://technet.microsoft.com/enus/wsus/bb466190

  19. Sufatrio, Yap, R.H.C., Zhong, L.: A Machine-Oriented Vulnerability Database for Automated Vulnerability Detection and Processing. In: Proceedings of the 18th USENIX Conference on System Administration. USENIX Association, Berkeley (2004)

    Google Scholar 

  20. Keizer, G.: Trojan horse poses as windows xp update (2004), http://www.informationweek.com/trojan-horse-poses-as-windows-xp-update/17300290?queryText=Trojan%20horse%20poses%20as%20windows%20xp%20update

  21. Berlind, D.: Why Windows Update desperately needs an update (2003), http://www.zdnet.com/news/why-windows-update-desperately-needs-an-update/299080

  22. Sinnott, R.O.: Grid Security: Practices, Middleware and Outlook. National e-Science Centre (2005)

    Google Scholar 

  23. Pakiti: A Patching Status Monitoring Tool, http://pakiti.sourceforge.net/

  24. EGEE Operational Security Coordination Team (OSCT), http://osct.web.cern.ch/osct/

  25. Yum-Package Manager, http://yum.baseurl.org/

  26. apt-get, http://www.apt-get.org/

  27. Roberge, M.W., Bergeron, T.: Robert, Introduction to OVAL: A new language to determine the presence of software vulnerabilities (2003)

    Google Scholar 

  28. Common vulnerabilities and exposures list, CVE (2011), http://cve.mitre.org/cve/

  29. Curl, http://curl.haxx.se

  30. CFengine Web site, http://www.cfengine.org

  31. Matsushita, M.: Telecommunication Management Network. In: NTT Review, Geneva (1991)

    Google Scholar 

  32. Problem Informant/Killer Tool (PIKT), pikt.org/pikt/software.html (cited March 2012)

  33. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: Proceedings of the 14th Conference on USENIX Security Symposium, vol. 14. USENIX Association, Baltimore (2005)

    Google Scholar 

  34. Ajayi, O., Sinnott, R., Stell, A.: Dynamic trust negotiation for flexible e-health collaborations. In: Proceedings of the 15th ACM Mardi Gras Conference: From Lightweight Mash-Ups to Lambda Grids: Understanding the Spectrum of Distributed Computing Requirements, Applications, Tools, Infrastructures, Interoperability, and the Incremental Adoption of Key Capabilities, pp. 1–7. ACM, Baton Rouge (2008)

    Google Scholar 

  35. Ajayi, O.: Dynamic Trust Negotiation for Decentralised e-Health Collaborations, University of Glasgow (2009)

    Google Scholar 

  36. Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. ACM, New York (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National e-Science Centre, University of Glasgow, University Avenue, G12 8QQ, UK

    Jan Muhammad, Thomas Doherty & Sardar Hussain

  2. Department of Computing and Information Systems, University of Melbourne, Melbourne, Victoria, 3010, Australia

    Richard Sinnott

Authors
  1. Jan Muhammad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thomas Doherty
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sardar Hussain
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Richard Sinnott
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Technology, Deakin University, 221 Burwood Highway, 3125, Burwood, VIC, Australia

    Yang Xiang  & Wanlei Zhou  & 

  2. Computer Science Department, ETSI Informatica, University of Malaga, Campus de Teatinos, 29170, Malaga, Spain

    Javier Lopez

  3. Ming Hsieh Department of Electrical Engineering, University of Southern California, 3740 McClintock Ave., 90089-2564, Los Angeles, CA, USA

    C.-C. Jay Kuo

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Muhammad, J., Doherty, T., Hussain, S., Sinnott, R. (2012). Policy-Based Vulnerability Assessment for Virtual Organisations. In: Xiang, Y., Lopez, J., Kuo, CC.J., Zhou, W. (eds) Cyberspace Safety and Security. CSS 2012. Lecture Notes in Computer Science, vol 7672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35362-8_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-35362-8_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35361-1

  • Online ISBN: 978-3-642-35362-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation