In this study, we reassess vulnerability assessment in the Cloud and develop the open-source 'cvaFrame' framework. This framework reports to the cloud administrator, vulnerabilities and exploits discovered in virtual images. Our contribution to the cloud vulnerability assessment research community is our framework. We build our framework on top of existing tools like Metasploit and OpenVAS and implement it in an existing cloud service 'OpenNebula', to prove that our system works. We tested our software in a production cloud and it was able to find vulnerabilities and exploits hiding in dormant virtual machine images. At this date, we believe we are the first to develop an open-source framework that performs vulnerability assessment within the cloud on dormant images.

• This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.

Creator

• Ayenson, Michael D.
• Guerlain, Andre Pierre

Contributors

• Kacsuk, Peter
• Lovas, Róbert
• Ács, Sándor
• Selkow, Stanley
• Kotcauer, Péter
• Gergely, Márk

Publisher

• Worcester Polytechnic Institute

Identifier

• E-project-042412-130544

Advisor

• Sarkozy, Gabor N
• Selkow, Stanley M.

Year

• 2012

Center

• Budapest, Hungary Project Center - MQP

Date created

• 2012-04-24

Location

• Budapest

Resource type

• Major Qualifying Project

Major

• Computer Science

Rights statement

• In Copyright