Dynamic and Portable Vulnerability Assessment Testbed with Linux Containers to Ensure the Security of MongoDB in Singularity LXCs
HPC Center Planning and Operations
State of the Practice
TimeMonday, November 12th12:10pm - 12:30pm
DescriptionTo find the available vulnerabilities against any system, it is mandatory to conduct vulnerability assessments as scheduled tasks in a regular manner. Thus, an easily deployable, easily maintainable, accurate vulnerability assessment testbed or a model is helpful as facilitated by Linux containers. Nowadays Linux containers (LXCs) which have operating system level virtualization, are very popular over virtual machines (VMs) which have hypervisor or kernel level virtualization in high performance computing (HPC) due to reasons, such as high portability, high performance, efficiency and high security. Hence, LXCs can make an efficient and scalable vulnerability assessment testbed or a model by using already developed analyzing tools such as OpenVas, Dagda, PortSpider, OWASP Zed Attack Proxy, and OpenSCAP, to assure the required security level of a given system very easily. To verify the overall security of any given software system, this paper first introduces a virtual, portable and easily deployable vulnerability assessment general testbed within the Linux container network. Next, the paper presents, how to conduct experiments using this testbed on a MongoDB database implemented in Singularity Linux containers to find the available vulnerabilities in images accompanied by containers, host, and network by integrating three tools; OpenVas, Dagda, and PortSpider to the container-based testbed. Finally, it discusses how to use generated results to improve the security level of the given system.