Design and Implement of a Novel OVAL-Compatible Vulnerability Assessment System

Author

Gao, Ling ; Wang, Xu-Dong ; Zhang, Lin

Author_Institution

Dept. of Inf. Sci. & Technol., Northwest Univ., Xi´´an, China

fYear

2009

fDate

11-13 Dec. 2009

Firstpage

1

Lastpage

5

Abstract

Due to the various kinds of information expressing and transferring standards made by different vendors, the existing security products can not interoperate with each other efficiently. In order to solve this problem, an OVAL-compatible multiplatform vulnerability assessment system (VAS) is proposed in this paper. First, it adopts OVAL as the vulnerability assessment standard. Second, it takes lightweight web server as foundational distributed computing platform. Third, it adopts the manager/agent architecture to improve assessment efficiency. Considering the fact that a computer network usually includes various kinds of operating systems, two versions of agents for Windows and Linux is implemented. So it supports multiplatform vulnerability assessment and security data sharing with other OVAL-compatible tools with high accuracy, assessing completeness and functional expansibility.

Keywords

open systems; security of data; OVAL-compatible multiplatform vulnerability assessment system; distributed computing; information expressing standards; information transferring standards; manager-agent architecture; Communications technology; Computer network management; Computer networks; Computer security; Data security; Information science; Information security; Operating systems; Software safety; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence and Software Engineering, 2009. CiSE 2009. International Conference on

Conference_Location

Wuhan

Print_ISBN

978-1-4244-4507-3

Electronic_ISBN

978-1-4244-4507-3

Type

conf

DOI

10.1109/CISE.2009.5366868

Filename

5366868