Security assurance of MongoDB in singularity LXCs: an elastic and convenient testbed using Linux containers to explore vulnerabilities
Cluster Computing (IF 3.6), Pub Date: 2020-07-25, DOI: 10.1007/s10586-020-03154-7
Akalanka Mailewa Dissanayaka, Susan Mengel, Lisa Gittner, Hafiz Khan

It is essential to ensure the data security of data analytical frameworks, as any security vulnerability existing in the system can lead to a data loss or data breach. This vulnerability may occur due to attacks from live attackers as well as automated bots. However, inside attacks are also becoming more frequent because of incorrectly implemented security requirements and access control policies. Thus, it is important to understand security goals and formulate security requirements and access control policies accordingly. Therefore, it is equally important to identify the existing security vulnerabilities of a given software system. To find the available vulnerabilities against any system, it is mandatory to conduct vulnerability assessments as scheduled tasks in a regular manner. Thus, an easily deployable, easily maintainable, accurate vulnerability assessment testbed or model, as facilitated by Linux containers, is helpful. Nowadays, Linux containers (LXCs), which have operating-system-level virtualization, are very popular over virtual machines (VMs), which have hypervisor- or kernel-level virtualization, in high performance computing (HPC) due to reasons such as high portability, high performance, efficiency and high security (Chae et al. in Clust Comput 22:1765-1775, 2019. https://doi.org/10.1007/s10586-017-1511-2). Hence, LXCs can make an efficient and scalable vulnerability assessment testbed or model by using already developed analyzing tools such as OpenVas, Dagda, PortSpider, MongoAudit, NMap, Metasploit Framework, Nessus, OWASP Zed Attack Proxy, and OpenSCAP, to assure the required security level of a given system very easily. To verify the overall security of any given software system, this paper first introduces a virtual, portable and easily deployable vulnerability assessment general testbed within the Linux container network. Next, the paper presents how to conduct experiments using this testbed on a MongoDB database implemented in Singularity Linux containers to find the available vulnerabilities in (1) the MongoDB application itself, (2) images accompanied by containers, (3) the host, and (4) the network, by integrating seven tools (OpenVas, Dagda, PortSpider, MongoAudit, NMap, Metasploit Framework, and Nessus) into the container-based testbed. Finally, it discusses how to use the generated results to improve the security level of the given system.




Updated: 2020-07-25