SARA – System for Inventory and Static Security Control in a Grid Infrastructure

  • Gerard Frankowski
  • Michał Rzepka
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7136)

Abstract

IT security, even if once achieved, is not a permanent state but rather a process. One of the main factors that impact this process is the ability to identify security vulnerabilities in software. Disclosing such a flaw is usually followed by issuing a patch. However, for maintainers of a heterogeneous and compound environment, being up to date with all necessary fixes may be an unexpectedly difficult task. Developing custom software in a grid project introduces another dimension to this problem. The SARA system for static security control has been developed to help administrators with that issue.

Keywords

IT security; attacks; vulnerabilities; security measure; security standards; CVE; CPE; CVSS; NVD; SARA

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Gerard Frankowski (1)
  • Michał Rzepka (1)
  1. Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Poznań, Poland
