As cloud-based services become more and more popular, the security of virtual machines running in the cloud needs more attention as well. An infected or compromised virtual machine consumes more resources (CPU, memory, bandwidth, etc.) than a secure one, which means increased costs for the virtual machine owner. But running secure virtual machines is not just in the owner’s interest; it is also profitable for the cloud provider, who can then serve more clients with the same hardware capacity.
The goal of this thesis is to design a cloud-based vulnerability assessment framework that can examine and evaluate the security of virtual machines without any user intervention. During the design, the most important aspect (beyond security and scalability) was the ability to integrate the framework into an existing VMware cloud infrastructure.
The framework currently uses only third-party vulnerability assessment software, but it can be extended with custom vulnerability scanners in the future. The output of the framework is a comprehensive report that contains the results of the various vulnerability assessment tools in a standardised format.