Design And Implementation Of Vulnerability Scanner Scheduling System Based On Cloud Platform

Statistical data shows that most network security events result from the system vulnerabilities which have already been found. As one of the major security auditing technologies, the vulnerability scanning technology plays a very important role in the network security. However, most of the conventional scanning tools are stand-alone oriented, which have poor performance in the case of large scale network. Cloud Safety is the latest manifestation of information security in the era of the Internet. By applying cloud computing technology that provides sufficient resources to support the scene of large-scale business applications, and integrating the emerging technologies and concepts such as Parallel Processing, Grid Computing, and Unknown Virus Acts Judge, Cloud Safety provides new solutions for solving network security issues. The cloud platform based vulnerability scanning system is such a typical application that applies Cloud Safety. Making reasonable, adequate, efficient use of the virtual resources has a great impact on the overall performance of the vulnerability scanning system.Aiming at the specific requirements of large-scale vulnerability scanning, the paper designs a mechanism to schedule the vulnerability scanners deployed in the cloud platform. By taking full account of different scenes during the execution of vulnerability scanning together with the causes of scanners’load imbalance, the mechanism performs real-time and dynamic scheduling on the vulnerability scanners. Moreover, the paper accomplishes the design and implementation of a Vulnerability Scanners Scheduling System based on the above mechanism, as a sub-system of the Cloud Based Vulnerability Scanning System. Firstly, the paper analyzes the working mechanism and interfaces of the vulnerability scanners, and also the mechanism of resource scheduling、task decomposition. Secondly, the paper puts forward a cloud-based vulnerability scanner scheduling mechanism, and accomplishes the design of the cloud-based vulnerability scanner scheduling system. Thirdly, by adopting programming frameworks such as Spring、Hibernate、CXF and JAXB, the paper implements the core logic module in the scheduling system as a scalable、HTTPS-based functional entity, which supports persistent storage and keeps compatible with the vulnerability scanner. Furthermore, the paper accomplishes the implementation of the vulnerability scanning system’s UI as a B/S web application, by using the Struts2framework. Finally, after deploying the whole scheduling system on the cloud platform, the paper has it tested together with other entities in the cloud-based vulnerability scanning system. As a result of the testing experiment, the scheduling system passed the functional tests and has the necessary scalability.