Virtual appliances (VAs) are ready-to-use virtual machine images that are configured for specific purposes. For example, a virtual machine image that contains all the software necessary to develop and host a JSP-based website is typically available as a "Java Web Starter" VA. Currently there are many VA repositories from which users can download VAs and instantiate them on Infrastructure-as-a-Service (IaaS) clouds, allowing them to quickly launch their services. This marketplace, however, lacks adequate mechanisms that allow users to a priori assess whether a specific VA is really configured with the software that it is expected to be configured with. This paper evaluates the integrity of software packages installed on real-world VAs, through the use of a software whitelist-based framework, and finds that indeed there is a lot of variance in the software integrity of packages across VAs. Analysis of 151 Amazon VAs using this framework shows that about 9% of real-world VAs have significant numbers of software packages that contain unknown files, making them potentially untrusted. Virus scanners flagged just half of the VAs in that 9% as malicious, demonstrating that virus scanning alone is not sufficient to help users select a trustable VA and that a priori software integrity assessment has a role to play.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.