Main Article Content

Abstract

Application softwares running on end user or application servers are always prone to various attacks. These attacks not only harm applications but also waste network resources. Solutions to these problems are available as patches since a long time. Generally, people have been reluctant to patch their systems immediately, because patches are perceived to be unreliable and disruptive to apply. To address this problem we propose an inline patch proxy solution for Xen hypervisor. Inline solutions provided are vulnerability-specific, exploit-generic network solutions installed on end systems. The Inline patch module examines the incoming or outgoing traffic, vulnerable to applications, and removes these vulnerabilities to maintain secure traffic. The motive of the idea is to reduce the time difference between the release of a software patch and its actual deployment. Currently patching is promised by software developers, generally within hours (Varies as per the service level agreements) of occurrence of a vulnerable attack. The proposed idea is based on the reducing this time gap to a few seconds by placing the proposed module within the system. For unexposed attacks, time is needed to create new signatures which are generated in update server and pulled by the software running on host.

Keywords

Inline Patching Vulnerability Signature Network Filter Generic Protocol Analyzer Xen Hypervisor PF Ring.

Article Details

How to Cite
Rana, N., Singhal, P., Kulkarni, D., & Bhangale, P. (2015). INLINE PATCH PROXY FOR XEN HYPERVISOR. Students’ Research in Technology & Management, 1(3), 353-360. Retrieved from https://giapjournals.com/ijsrtm/article/view/79

References

  1. W. A. Arbaugh, W. L. Fithen, and J.McHugh. “Windows of Vulnerability: a Case
  2. Study Analysis”. IEEE Computer,2000.
  3. Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier “Shield:
  4. Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits”.
  5. Microsoft Research ,2004.
  6. V. Capretta, B. Stepien, A. Felty, and S.Matwin, “Formal correctness of conflict detection for
  7. firewalls,” in FMSE ’07:Proceedings of the 2007 ACM workshop on Formal methods in
  8. security engineering, 2007, pp. 22–30.
  9. Robert Bunge, Sam Chung, Barbara Endicott-Popovsky, Don McLane “An Operational
  10. Framework for Service Oriented Architecture Network Security”.IEEE, 2008.
  11. Zhiyun Qian, Z. Morley Mao, Ammar Rayes, David Jaffe.” Designing Scalable and Effective
  12. Decision Support for Mitigating Attacks in Large Enterprise Networks”.Springer,2012.
  13. forums.cnet.com/7726-6132_102-3253715.html
  14. Anthony Blumfield, Gilad Golan, Jason Garms, Saud Alshibani. ”Efficient patching”. United
  15. States Patient, 2012
  16. hackmageddon.com/tag/sql-injection