The Research And Design Of Vulnerability Scanning System For OVirt-KVM Desktop Cloud

As virtualization technology is getting more mature gradually, the majority of companies have migrated traditional PC to desktop cloud. o Virt-KVM desktop cloud, as a professional private cloud solutions architect, is the important technical support to achieve the goal of “Internet plus”. But virtualization deploy virtual resources from multiple users on the single physical host to achieve the unified management and distribution, which broke the inherent physical isolation of traditional PC. Because of the increasingly complex network environment, physical isolation loss and insufficient attention to security issues, o Virt-KVM desktop cloud can be confronted with more severe risks. This paper is aimed at situation of desktop cloud to study and design the o Virt-KVM Desktop Vulnerability Scanning System(short for ODVSS) for o Virt-KVM desktop, which can detect the vulnerabilities of virtual machine from the source of network attacks, so as to realize the defense function of desktop cloud.This thesis makes a detailed research and analysis about o Virt-KVM desktop cloud, and realizes the distributed vulnerability scanning system for virtual machines based on the network vulnerability scanning technology. In processing of studying and designing of ODVSS system, this paper carried out the following work:1. Study on the cloud computing technology, vulnerability scanning technology, and open-source frameworks and tools of system development. On this basis, complete the design of ODVSS system, make the complete description of its requirements analysis, system design, detailed design and implementation of system, system test.2. Achieve realization of ODVSS system based on distributed technology, build the RESTful-based communications platform, realize the funcions of target information collection, scanning case generation, task management, task scheduling and task reports management and other core functions and the other core functions.In system design of ODVSS system, this paper mainly make the technological breakthroughs in the following areas:1. Design a flexible management model for scanning engine cluster to achieve the dynamic adjustment of the number of virtual machine based on virtual machine resource pools and load balancing and effectively control of the balance between resources and scanning results.2. Design information collection subsystem based on distributed technology, make the deep integration with o Virt-Engine to collect information of virtual machines to build the scanned object repository.3. Design an open communication platform based on RESTful to develop uniform standards for remote call between system console and the other module, thus optimize system interface design.4. Design the task scheduling mechanism based on a variety of scheduling algorithms, thus effectively improve the efficiency of the distributed vuls-scanning system.