首页    期刊浏览 2024年12月03日 星期二
登录注册

文章基本信息

  • 标题:CloudProxy: A NAPT Proxy for Vulnerability Scanners based on Cloud Computing
  • 本地全文:下载
  • 作者:Wang, Yulong ; Shen, Jiakun
  • 期刊名称:Journal of Networks
  • 印刷版ISSN:1796-2056
  • 出版年度:2013
  • 卷号:8
  • 期号:3
  • 页码:607-615
  • DOI:10.4304/jnw.8.3.607-615
  • 语种:English
  • 出版社:Academy Publisher
  • 摘要:Security-as-a-service (SaaS) is an outsourcing model for security management in cloud computing. Vulnerability scanners based on cloud computing is becoming one of the killer applications in SaaS due to the pay-per-use manner and powerful scanning capability. When performing vulnerability scanning through network, the scanner needs to establish a large number of TCP connections with the target host. To deal with the problem of IPv4 address shortening and to protect the hosts within the organization, the target hosts are almost always deployed behind a NAPT(Network Address and Port Translation) device, TCP packets sent by the scanner outside the network isolated by the NAPT device will be blocked, thus unable to complete the vulnerability scanning task when the scanners are deployed in the cloud. While there exists NAPT traversal methods, they support TCP poorly and therefore is not ready for the vulnerability scanning scenario where a large number of TCP connections needs to be established. In this paper we proposed a NAPT proxy named CloudProxy for adopting vulnerability scanners in cloud computing by combining the TURN extension protocol and the Socks5 protocol. We integrated function of Socks5 into the TURN client, so that the destination port of all scanning packets will be aggregated before passing through the TURN server, lessen the burden of the TURN server. The experimental results show that CloudProxy can relay packets for the vulnerability scanner based on cloud computing in a transparent way and its scalability is sufficient for practical use.
  • 关键词:vulnerability scanning;cloud computing;NAPT traversal;proxy
国家哲学社会科学文献中心版权所有