Sarkozy, Gabor N
Selkow, Stanley M.
In this study, we reassess vulnerability assessment in the Cloud and develop the open-source 'cvaFrame' framework. This framework reports to the cloud administrator, vulnerabilities and exploits discovered in virtual images. Our contribution to the cloud vulnerability assessment research community is our framework. We build our framework on top of existing tools like Metasploit and OpenVAS and implement it in an existing cloud service 'OpenNebula', to prove that our system works. We tested our software in a production cloud and it was able to find vulnerabilities and exploits hiding in dormant virtual machine images. At this date, we believe we are the first to develop an open-source framework that performs vulnerability assessment within the cloud on dormant images.
Worcester Polytechnic Institute
Major Qualifying Project
All authors have granted to WPI a nonexclusive royalty-free license to distribute copies of the work, subject to other agreements. Copyright is held by the author or authors, with all rights reserved, unless otherwise noted.