This document summarizes a research paper that proposes an inline patch proxy solution for the Xen hypervisor to help address vulnerabilities more quickly. The proposed solution uses a FastPatch module to analyze incoming traffic, detect vulnerabilities based on signature matching, generate patches, and pass them to virtual machines via PF_Ring to patch vulnerabilities in seconds rather than hours. The paper outlines the design of the solution and components like Xen, PF_Ring, and an update server. It also discusses implementation of handling some SQL injection attacks and future work to address more attacks.
Recent studies have shown that 90% of security breaches involve a software vulnerability caused by a missing patch – even if the patch is made available to public.
Most organisations do not realise that a vulnerable system connected to the enterprise network potentially puts the entire organisation to risk by being easy targets of cyber-attacks. Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in the end point systems. However, they do not take the next step of removing these vulnerabilities.
Read this whitepaper to know how Saner ensures enterprise security by remediating vulnerabilities in the endpoints.
Recent studies have shown that 90% of security breaches involve a software vulnerability caused by a missing patch – even if the patch is made available to the public.
Many organizations do not realize that a vulnerable system connected to the enterprise network potentially puts the entire organization to risk by being an easy target for cyber-attacks. Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in endpoint systems. However, they do not take the next step to remove the vulnerabilities.
Read this whitepaper to know how SecPod's Saner ensures enterprise security by remediating vulnerabilities in the endpoints. Saner is a light-weight, enterprise grade, scalable solution that hardens your systems; providing protection from malware & security threats
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
Vulnerability Management Nirvana: A Study in Predicting Exploitability
When everything is a priority, nothing is. 15% or 10,000 vulnerabilities have a CVSS score of 10. Vendors and practitioners alike use CVSS or their own threat intelligence models to predict which vulnerabilities will be exploited next. We review current options, present a predictive data-driven prioritization model, and how attendees can get started using our approach in their vulnerability management program.
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Sonatype
Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research and Josh Corman, CTO at Sonatype on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component based development has created an open source security gap. With component vulnerabilities becoming national news, Heartbleed, Struts and the promise of more to come, now is the time to stop using components with known vulnerabilities.
To learn more about Heartbleed and what it means for your company please visit http://www.sonatype.com/clm/spotlight-on-heartbleed
Industrial control systems may be at least, or even more, vulnerable to intrusion and malicious attack than you desktop PC. The National Cybersecurity and Communications Integration Center outlines seven basic steps you can take to harden your industrial control system against intrusion and mischief.
Recent studies have shown that 90% of security breaches involve a software vulnerability caused by a missing patch – even if the patch is made available to public.
Most organisations do not realise that a vulnerable system connected to the enterprise network potentially puts the entire organisation to risk by being easy targets of cyber-attacks. Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in the end point systems. However, they do not take the next step of removing these vulnerabilities.
Read this whitepaper to know how Saner ensures enterprise security by remediating vulnerabilities in the endpoints.
Recent studies have shown that 90% of security breaches involve a software vulnerability caused by a missing patch – even if the patch is made available to the public.
Many organizations do not realize that a vulnerable system connected to the enterprise network potentially puts the entire organization to risk by being an easy target for cyber-attacks. Many service providers scan the network and provide a comprehensive report of the vulnerabilities existing in endpoint systems. However, they do not take the next step to remove the vulnerabilities.
Read this whitepaper to know how SecPod's Saner ensures enterprise security by remediating vulnerabilities in the endpoints. Saner is a light-weight, enterprise grade, scalable solution that hardens your systems; providing protection from malware & security threats
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Kymberlee Price
Vulnerability Management Nirvana: A Study in Predicting Exploitability
When everything is a priority, nothing is. 15% or 10,000 vulnerabilities have a CVSS score of 10. Vendors and practitioners alike use CVSS or their own threat intelligence models to predict which vulnerabilities will be exploited next. We review current options, present a predictive data-driven prioritization model, and how attendees can get started using our approach in their vulnerability management program.
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Sonatype
Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research and Josh Corman, CTO at Sonatype on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component based development has created an open source security gap. With component vulnerabilities becoming national news, Heartbleed, Struts and the promise of more to come, now is the time to stop using components with known vulnerabilities.
To learn more about Heartbleed and what it means for your company please visit http://www.sonatype.com/clm/spotlight-on-heartbleed
Industrial control systems may be at least, or even more, vulnerable to intrusion and malicious attack than you desktop PC. The National Cybersecurity and Communications Integration Center outlines seven basic steps you can take to harden your industrial control system against intrusion and mischief.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
To familiarize ourselves with vulnerability databases, their terminology, standards, and procedures to share vulnerability data. To understand how these data sources are integrated into commercial security software tools that help organizations manage their vulnerabilities. These software tools are generally grouped under the term “vulnerabilities scanners” (or similar terms). To examine a few “classic” vulnerabilities in depth to get a sense of just how vulnerabilities expose systems to exploitation.
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
Network Intrusion detection and Countermeasure Election in virtual network systems (NICE) are used to establish a
defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into
the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion
detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to
compromise VMs, thus preventing zombie VMs. NICE includes two main phases: deploy a lightweight mirroring-based network
intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual
system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified
vulnerability toward the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state. Once a
VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the
inspecting VM to make the potential attack behaviors prominent.
IBM Smarter Business 2012 - IBM Security: Threat landscapeIBM Sverige
IBM Security Systems presents the latest risks and trends from X-Force 2011 Full Year report, and how you can protect your infrastructure from these new evolving threats using Security Intelligence from Q1 Labs and IBM's recently announced Advanced Threat Protection Platform.
Talare: Mikael Andersson, Client Technical Professional, IBM
Besök http://smarterbusiness.se för mer information.
Covers security and privacy issues for software product developers including attacks and defenses, encryption, authentication, authorisation and data protection
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
Maximize Computer Security With Limited RessourcesSecunia
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
Esta presentación recoge ideas básicas sobre los principales estilos de comunicación y técnicas para la mejora de la comunicación así como aspectos básicos sobre el conflicto, sus causas y resolución
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
To familiarize ourselves with vulnerability databases, their terminology, standards, and procedures to share vulnerability data. To understand how these data sources are integrated into commercial security software tools that help organizations manage their vulnerabilities. These software tools are generally grouped under the term “vulnerabilities scanners” (or similar terms). To examine a few “classic” vulnerabilities in depth to get a sense of just how vulnerabilities expose systems to exploitation.
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
Network Intrusion detection and Countermeasure Election in virtual network systems (NICE) are used to establish a
defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into
the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion
detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to
compromise VMs, thus preventing zombie VMs. NICE includes two main phases: deploy a lightweight mirroring-based network
intrusion detection agent (NICE-A) on each cloud server to capture and analyze cloud traffic. A NICE-A periodically scans the virtual
system vulnerabilities within a cloud server to establish Scenario Attack Graph (SAGs), and then based on the severity of identified
vulnerability toward the collaborative attack goals, NICE will decide whether or not to put a VM in network inspection state. Once a
VM enters inspection state, Deep Packet Inspection (DPI) is applied, and/or virtual network reconfigurations can be deployed to the
inspecting VM to make the potential attack behaviors prominent.
IBM Smarter Business 2012 - IBM Security: Threat landscapeIBM Sverige
IBM Security Systems presents the latest risks and trends from X-Force 2011 Full Year report, and how you can protect your infrastructure from these new evolving threats using Security Intelligence from Q1 Labs and IBM's recently announced Advanced Threat Protection Platform.
Talare: Mikael Andersson, Client Technical Professional, IBM
Besök http://smarterbusiness.se för mer information.
Covers security and privacy issues for software product developers including attacks and defenses, encryption, authentication, authorisation and data protection
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
Maximize Computer Security With Limited RessourcesSecunia
Presentation from Stefan Frei on how patches are an effective method to escape the arms race with cybercriminals. The majority of vulnerabilities have patches ready on the day of disclosure, which means that the right patch strategy is evident to maximize risk reduction.
Esta presentación recoge ideas básicas sobre los principales estilos de comunicación y técnicas para la mejora de la comunicación así como aspectos básicos sobre el conflicto, sus causas y resolución
The Web AppSec How-To: The Defender's ToolboxCheckmarx
Web application security has made headline news in the past few years. In this article, we review the various Web application security tools and highlight important decision factors to help you choose the application security technology best suited for your environment.
Essentials of Web Application Security: what it is, why it matters and how to...Cenzic
Join Cenzic’s Chris Harget for an overview of the essentials of Web Application Security, including the risks, practices and tools that improve security at every stage of the application lifecycle.
Patch, patch and patch !
This has been the go-to mantra of security professionals and the recent WannaCry ransomware attack has highlighted its importance once again.
Seqrite EPS with Centralized Patch Management -
Proven Security Approach for Ransomware Protection
CISA GOV - Seven Steps to Effectively Defend ICSMuhammad FAHAD
INTRODUCTION
Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it’s not a matter of if an intrusion will take place, but when. In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a
network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense
teams a chance to quickly and effectively detect, counter, and expel an adversary. This paper presents seven strategies that can be implemented today to counter common exploitable
weaknesses in “as-built” control systems.
Seven recommendations for bolstering industrial control system cyber securityCTi Controltech
Recommendations from ICS-CERT, the Industrial Control System Cyber Emergency Response Team, a division of Department of Homeland Security. Seven basic steps to follow that will substantially boost cyber security and generate awareness of the threat potential
This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems. Length is 6 pages.
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsMiller Energy, Inc.
This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems for industrial processes and operations.
Defending Industrial Control Systems From CyberattackCTi Controltech
Industrial control systems of all types and vintages likely are exposed to some level of unauthorized intrusion. Individuals and organizations with nefarious intent will try to gain access to information or control elements, stealing data or causing a range of inappropriate operations.
The Indo-American Journal of Agricultural and Veterinary Sciences is an online international journal published quarterly. It is a peer-reviewed journal that focuses on disseminating high-quality original research work, reviews, and short communications of the publishable paper.
Similar to INLINE_PATCH_PROXY_FOR_XEN_HYPERVISOR (20)
1. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 353
INLINE PATCH PROXY FOR XEN HYPERVISOR
Neha Rana, Pankaj Singhal Dnyanesh Kulkarni Pratik Bhangale
Department of Computer Engineering
Pune Institute of Computer Technology, University of Pune, India.
neharana226@gmail.com singhal.pankaj@outlook.com
kdnyaneshv@gmail.com pratik.bhangale1992@gmail.com
Abstract
Application softwares running on end user or application servers are always prone to various
attacks. These attacks not only harm applications but also waste network resources. Solutions to
these problems are available as patches since a long time. Generally, people have been reluctant to
patch their systems immediately, because patches are perceived to be unreliable and disruptive to
apply. To address this problem we propose an inline patch proxy solution for Xen hypervisor.
Inline solutions provided are vulnerability-specific, exploit-generic network solutions installed on
end systems. The Inline patch module examines the incoming or outgoing traffic, vulnerable to
applications, and removes these vulnerabilities to maintain secure traffic. The motive of the idea is
to reduce the time difference between the release of a software patch and its actual deployment.
Currently patching is promised by software developers, generally within hours (Varies as per the
service level agreements) of occurrence of a vulnerable attack. The proposed idea is based on the
reducing this time gap to a few seconds by placing the proposed module within the system. For
unexposed attacks, time is needed to create new signatures which are generated in update server
and pulled by the software running on host.
Keywords: Inline Patching, Vulnerability Signature, Network Filter, Generic Protocol Analyzer, Xen
Hypervisor, PF Ring
I. INTRODUCTION
In earlier days Physical servers were used to host web or distributed applications. As number of such
applications has increased tremendously these days, services and resources provided by physical
servers are very limited and insufficient. Concept of Virtual servers arises as a solution to the above
problem. A hypervisor is a software program residing over physical server and interacting with system
hardware to provide ability of hosting many virtual servers over a single physical server.
Xen Hypervisor is an emerging platform widely used by giants like Amazon, Google, Microsoft,
Rackspace, GoGreed and many more. In the past decades various applications running on guest
domains of Hypervisor have been vulnerable to different types of attacks like DoS, SQLi and others.
This gives rise to the need for efficient handling of network traffic. Solutions to such attacks have been
2. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 354
available as patches since long. But conventional approaches to patching have a number of significant
disadvantages:
• Resource-consuming: The traditionally available solution provides more security patches with
requirement of more human resources, also consuming more time and money.
• Vulnerability: Patching later as done in such traditional methods are more prone to outbreaks and
Security policy violation.
• Disruption: Installing a patch typically involves re- booting, at the very least, a particular host
service, and possibly an entire host system. An administrator for whom system and service
uptime are crucial may therefore be unable to tolerate the required service or system disruption.
• Unreliability: Software patches are typically released as quickly as possible after vulnerability is
discovered, and there is therefore insufficient time to do more than cursory testing of the patch.
• Unawareness: An administrator may simply miss a patch announcement for some reason, and
therefore be unaware of it, or have received the announcement but neglected to act on it.
• Multiple patches: Multiple patches may be created for a single modification in a program. The
program to be patched might also have different flavours of some executable code module, for
each of which, the process of patch creation and distribution is repetitive. It becomes the user’s
job to select and apply the patch for the appropriate flavour of the module.
• Size of patches: Some patches may be considerably large in size, making them difficult to store
and distribute. This problem multiplies for patches having multiple flavours.
Fig. 1. Frequency of updation – Earlier
Fig. 2. Frequency of updation – Earlier
3. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 355
• Virus attacks: Applying patches requires a user to be logged into an administrative account
having modification permissions, enabling viruses that seek to modify aspects of the target
computer system, using liberal permissions, to attack.[7]
Currently vulnerabilities are handled through software patching which promises to solve the
problem within the time specified in service level agreements (usually in the order of hours or days),
after the occurrence of an attack. Reduction in the time required for patching is the urge in today's
network communication. To address this problem we propose an inline patch proxy solution for Xen
hypervisor, based on the idea of reducing the time difference between the release of a patch and its
deployment on the end system, by building an inline module which would reside within the system and
handle different attacks based on signature detection of packets.
Since Sept.19, 2012, the websites of Bank of America, JPMorgan Chase and PNC Bank (Fortune
500), have all suffered day-long slowdowns and been sporadically unreachable for many customers.
The attackers who attacked Bank of America first, went after their targets in sequence.
According to recent published reports SQL injections are the top attack vector making up 19% of all
the security breaches examined by WHID. Similarly, in the “Breach Report for 2010” released by
7Safe the same year, a whopping 60% of all breach incidents examined, involved SQL injections.[6]
Fig. 3. Distribution of attacks[8]
4. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 356
Fig. 4. System Architecture
II. DESIGN
A. Basic Overview:
The basic design that we present in this paper aims to securely pass patches to the guest OS on which
application servers are running. Without patching, Xen hypervisor is vulnerable to attacks and thus all
the application servers running on it. In general scenario, incoming packets arrive on Dom-0 (Host OS)
which directs them to PF_Ring. PF_Ring is a high speed packet-capturing packet-filtering tool, which
is used as an interface to capture the incoming packets. As PF_Ring is installed on Dom-0 the traffic
going to and from all virtual servers is monitored centrally. Same logic goes for the applied patch also.
Once a patch against a specific vulnerability is linked with PF_Ring, all the virtual servers running on
the hypervisor are secured against that vulnerability. Hence PF_Ring is used to identify the parameters
of the packet and pass them to our module (FastPatch). FastPatch analyzes the signature of the packet
and searches for it in the database, providing security level information. The threat category is
identified and a patch is generated for the vulnerable packet detected. This patch is passed back to
PF_Ring which securely passes it to the application server running on guest OS.
Functionalities of the components on the hypervisor system (system 2) are as follow:
1. Xen:
• supporting virtual application servers
• interaction with system hardware through Dom-0
• forwarding network traffic to PF_Ring
2. PF_Ring:
• packet capturing
• packet filtering
• passing packet signature to FastPatch module
• forwarding packet to its destination
3. Fast Patch:
5. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 357
• packet signature analysis
• determining type of vulnerability (if any)
• patch selection
• discarding malicious packets
4. Virtual machine:
• hosting application server
• hosting application database
• patch request
B. Virtualization:
Several guest machines running on the Hypervisor are vulnerable to attacks. Instead of independently
patching these virtual machines, the hypervisor is patched, thus automatically securing all the virtual
machines against the vulnerabilities. This reduces the load of the virtual machines to secure
themselves.
C. Web Server:
The Web server hosts our website. The main purpose of this web site is to provide the user with an
interface to the update server. Users need to register to get access to the patching facilities provided by
update server. Users can view and patch their system against vulnerabilities as they desire. PRO-FTPD
details of the user are taken in order to provide secured transactions of the patches.
D. Update Server:
6. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 358
Update server is the area where patches for the identified vulnerabilities are stored. Selective patches
are sent to the user depending on his request. Whenever a new vulnerability is detected, a new patch is
created, compiled and stored here. Modules residing in the Update server generate code which are
compiled and stored as kernel objects and sent to the users as patches. Working of some of the modules
is as follows:
• SQL injection Attack Handler: In SQL injection generally the attack source is the insertion of a
malicious query in the URL. Various criteria are applied to incoming packets to look for the
existence of such query in the packet URL. Packets having such URLs are discarded and the
rest are forwarded to the destination guest OS.
• Sniffer Attack Handler: Packet with signature matching sniffer attack criteria is taken as input
and packet data is analyzed. After analysis measures are taken to secure client – server
communication line/path. Various filtering tests are applied to detect the third person trying to
intersect the communication. Detected intruder or solutions to secure line/path are returned to
user’s system and are linked with PF_Ring.
• DoS Attack Handler: Packet with signature matching DoS attack criteria is taken as input and
packet data is analyzed. After analysis measures are taken to reduce http packet size. Size is
reduced in such a way that no loss of data is done. In case of DoS packet flooding, the IP of the
machine sending these packets is recognised and that source IP is blocked. Depending on the
type of patches requested, patches are returned to user’s system and are linked with PF_Ring.
III. IMPLEMENTATION
The Idea proposed in this paper is still under development stage. Till date implementation of handling
some types of SQL injection has been done. These types include Code Injection, String Manipulation,
Login attacks and Timing attacks.
In this Implementation attack handling module works in collaboration with PF_Ring. A sample website
is built to test these attacks. Apache server and MySQL server are used for this implementation.
The details of the results obtained so far are-
7. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 359
Table I. Packet Details
Table II. Result Statistics
IV. FEATURES
• Inline patching of the system: FastPatch module resides in the host system and patches it inline.
• Update server: New vulnerabilities are handled at the server side.
• Auto-patch: Updates available will be automatically transferred and installed.
• No Restart needed: Patches are linked dynamically to PF_RING and thus applied instantly.
V. FUTURE SCOPE
The proposed idea can be further extended to handle worm attacks. The current system will not be able
to identify unrecognized attacks in the first place. In future it can be improved to identify attacks even
with no prior knowledge about them.
VI. CONSTRAINTS
The system generated is for Linux OS and not for other Operating Systems like IOS, Windows OS etc
as dom0.
• On x86 Xen with a Linux dom0 runs on Pentium II or newer processors.
• If the application is attacked by some worms it won’t be detected unless application crashes.
Packet Details
Name Description
Source IP
IP address of the host system i.e.
attacker
Destination IP IP address of the server
Destination Port
Port no of the application
running on server
Transport Layer
Data
Layer 3 Packet Data
Network Layer
Data
Layer 4 Packet Data
IP version IP version of the packet (4/6)
Attack
Name
No. of Queries
Fired
Detection
SQL
Injection
10 100%
8. International Journal of Students Research in Technology & Management
Vol 1(3), May 2013, ISBN 978-93-83006-01-4, pg 353-360
www.giapjournals.com Page 360
• The secure module is not developed to handle vulnerabilities for IIS Windows and X5 web
servers.
• Proposed solutions can be applied to specific network attacks only.
• Software needs to be updated as new vulnerabilities are detected.
• Cannot handle previously unrecognized attack.
VII. CONCLUSION
Inline Patch Proxy System provides secure patching and filtering of packets travelling from network to
application side. The proposed system reduces the time required for patching vulnerable packets
against the traditionally used software patching. It aims at providing an open source infrastructure for
malicious packet detection and protection from network exploits, also giving an alternate solution for
software patching against large scale network attacks. Unlike software patches, it will be less prone to
outbreaks and security policy violations since this module shall reside in the end host system. If
implemented it will be a more reliable and undisruptive solution to network exploits for Xen
Hypervisor framework.
VIII. ACKNOWLEDGEMENT
We take this opportunity to express our profound gratitude and deep regards to PICT Linux User’s
Group (our project sponsors)and our guide Mr. Gaurav Suryagandh for his exemplary guidance,
monitoring and constant encouragement throughout.
IX. REFERENCES
1. W. A. Arbaugh, W. L. Fithen, and J.McHugh. “Windows of Vulnerability: a Case
Study Analysis”. IEEE Computer,2000.
2. Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier “Shield:
Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits”.
Microsoft Research ,2004.
3. V. Capretta, B. Stepien, A. Felty, and S.Matwin, “Formal correctness of conflict detection for
firewalls,” in FMSE ’07:Proceedings of the 2007 ACM workshop on Formal methods in
security engineering, 2007, pp. 22–30.
4. Robert Bunge, Sam Chung, Barbara Endicott-Popovsky, Don McLane “An Operational
Framework for Service Oriented Architecture Network Security”.IEEE, 2008.
5. Zhiyun Qian, Z. Morley Mao, Ammar Rayes, David Jaffe.” Designing Scalable and Effective
Decision Support for Mitigating Attacks in Large Enterprise Networks”.Springer,2012.
6. forums.cnet.com/7726-6132_102-3253715.html
7. Anthony Blumfield, Gilad Golan, Jason Garms, Saud Alshibani. ”Efficient patching”. United
States Patient, 2012
8. hackmageddon.com/tag/sql-injection