| With the development and popularization of the network, network security issues such as vulnerabilities and viruses attract more and more attention. To find vulnerabilities on time through vulnerability detection technologies and also repair them with patches is one of the most significant technologies of network security. On the other hand, as for the foundational e-services network of community under studying, the security of network environment is important to the stable operation of e-services business, so the development of vulnerability detection and repair system is necessary to ensure the safety of hosting the network, as well as to improve the security and reliability of the whole community e-services network.Firstly, principles and technologies relevant to vulnerabilities and patches are introduced, specifications such as OVAL and CVE are taken into research, various patching management frameworks as well as features of Windows, Linux patching are taken into discussion. Then, based upon the research of theories, taking advantages of OVAL, An OVAL-based vulnerability detectiing and repairing system is designed. Functionalities, architecture and business flows are depicted.Secondly, the overall architecture of vulnerability detection and repair server is designed. Modules, operation flows and logical relationships between modules are analyzed and designed. A detailed description of the design solutions for key issues including: the design of the client proxy registry systems, the way of updating vulnerability definitions, user access control, relationship among OVAL, CVE. Furthermore patching information documents' structure are analyzed and designed.Thirdly, functionalities of the vulnerability detection and repair server are implemented. Detailed description of main functionality implementations such as updating of vulnerability definitions, reporting of vulnerability detection, managing of detection and repair tasks and generating of patching list are given out. According to deployment issues of the vulnerability and repair system, hierarchical architecture of servers are taken into corresponding solutions, meanwhile, the fault-tolerant and management of the vulnerability and repair system under hierarchical architecture is introduced.Finally, the vulnerability detection and repair system performance of the server is tested, and system management and the realization of fault-tolerant methods are verified. The results show that the system server is able to provide not only a stable and reliable flaw detection but also repair services for the safe operation of the community e-services foundational network. |
PDF Full Text Request