Skip to main content
SpringerLink
Log in

Security assurance of MongoDB in singularity LXCs: an elastic and convenient testbed using Linux containers to explore vulnerabilities

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

It is essential to ensure the data security of data analytical frameworks as any security vulnerability existing in the system can lead to a data loss or data breach. This vulnerability may occur due to attacks from live attackers as well as automated bots. However inside attacks are also becoming more frequent because of incorrectly implemented security requirements and access control policies. Thus, it is important to understand security goals and formulate security requirements and access control policies accordingly. Therefore, it is equally important to identify the existing security vulnerabilities of a given software system. To find the available vulnerabilities against any system, it is mandatory to conduct vulnerability assessments as scheduled tasks in a regular manner. Thus, an easily deployable, easily maintainable, accurate vulnerability assessment testbed or a model is helpful as facilitated by Linux containers. Nowadays Linux containers (LXCs) which have operating system level virtualization, are very popular over virtual machines (VMs) which have hypervisor or kernel level virtualization in high performance computing (HPC) due to reasons, such as high portability, high performance, efficiency and high security (Chae et al in Clust Comput 22:1765-1775, 2019. https://doi.org/10.1007/s10586-017-1511-2). Hence, LXCs can make an efficient and scalable vulnerability assessment testbed or a model by using already developed analyzing tools such as OpenVas, Dagda, PortSpider, MongoAudit, NMap, Metasploit Framework, Nessus, OWASP Zed Attack Proxy, and OpenSCAP, to assure the required security level of a given system very easily. To verify the overall security of any given software system, this paper first introduces a virtual, portable and easily deployable vulnerability assessment general testbed within the Linux container network. Next, the paper presents, how to conduct experiments using this testbed on a MongoDB database implemented in Singularity Linux containers to find the available vulnerabilities in 1. MongoDB application itself, 2. Images accompanied by containers, 3. Host, and 4. Network by integrating seven tools: OpenVas, Dagda, PortSpider, MongoAudit, NMap, Metasploit Framework, and Nessus to the container-based testbed. Finally, it discusses how to use generated results to improve the security level of the given system.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Chae, M., Lee, H., Lee, K.: A performance comparison of linux containers and virtual machines using Docker and KVM. Clust. Comput. 22, 1765–1775 (2019). https://doi.org/10.1007/s10586-017-1511-2

    Article  Google Scholar 

  2. Mailewa Dissanayaka, A., Shetty, R.R., Kothari, S., Mengel, S., Gittner, L., Vadapalli, R.: Darknet and black market activities against the cybersecurity: a survey. In: The Midwest Instruction and Computing Symposium. (MICS), North Dakota State University, Fargo, ND, April 5–6 (2019)

  3. Elmisery, A.M., Rho, S., Aborizka, M.: A new computing environment for collective privacy protection from constrained healthcare devices to IoT cloud services. Clust. Comput. 22, 1611–1638 (2019). https://doi.org/10.1007/s10586-017-1298-1

    Article  Google Scholar 

  4. Pathak, A.R., Pandey, M., Rautaray, S.S.: Approaches of enhancing interoperations among high performance computing and big data analytics via augmentation. Clust. Comput. (2019). https://doi.org/10.1007/s10586-019-02960-y

    Article  Google Scholar 

  5. Shetty, R.R., Dissanayaka, A.M., Mengel, S., Gittner, L., Vadapalli, R., Khan, H.: Secure NoSQL based medical data processing and retrieval: the exposome project. In: Companion Proceedings of the 10th International Conference on Utility and Cloud Computing (UCC ’17 Companion). ACM, New York, NY, USA, pp. 99–105 (2017)

  6. Gittner, L.S., Kilbourne, B.J., Vadapalli, R., Khan, H.M., Langston, M.A.: A multifactorial obesity model developed from nationwide public health exposome data and modern computational analyses. Obes. Res. Clin. Pract. 11, 522–533 (2017)

    Article  Google Scholar 

  7. Mailewa Dissanayaka, A., Shetty, R.R., Kothari, S., Mengel, S., Gittner, L., Vadapalli, R.:: A review of MongoDB and singularity container security in regards to hipaa regulations. In Companion Proceedings of the 10th International Conference on Utility and Cloud Computing (UCC ’17 Companion). ACM, New York, NY, USA pp. 91–97 (2017)

  8. Mailewa Dissanayaka, A., Mengel, S., Gittner, L., Khan, H.: Dynamic and portable vulnerability assessment testbed with linux containers to ensure the security of MongoDB in singularity LXCs. In: Companion Proceedings of the 30th International Conference on Super Computing (SC18 Companion). Dallas, Texas, USA (2018)

  9. Gautam, K., Upadhyay, D.: Implementing dynamic certificates for securing database. In: 2014 5th International Conference Confluence The Next Generation Information Technology Summit (Confluence), pp. 919–922 (2014)

  10. Suman, T., Mailewa Dissanayaka, A.: The influence of black market activities through dark web on the economy: a survey. In: The Midwest Instruction and Computing Symposium. (MICS), Milwaukee School of Engineering and Northwestern Mutual, Milwaukee, Wisconsin, April 3–4 (2020)

  11. Redlich, R. M., Nemzow, M. A.: Data security system and method for separation of user communities. U.S. Patent 7,140,044, issued November 21 (2006)

  12. Moore, A.P., Cassidy, T.M., Theis, M.C., Bauer, D., Rousseau, D.M., Moore, S.B.: Incentives, balancing organizational, to counter insider threat. In: 2018 IEEE Security and Privacy Workshops (SPW). San Francisco, CA pp. 237–246 (2018)

  13. Shabtai, A., Elovici, Y., Rokach, L.: Data leakage detection/prevention solutions. In: A Survey of Data Leakage Detection and Prevention Solutions, pp. 17–37. Springer, Boston, MA (2012)

  14. Khan, M.S., Siddiqui, S., Ferens, K.: A cognitive and concurrent cyber kill chain model. In: Francia, G., Ertaul, L., Encinas, L.H., El-Sheikh, E. (eds.) Computer and Network Security Essentials, pp. 585–602. Springer, Cham (2018)

    Chapter  Google Scholar 

  15. Simkhada, E., Shrestha, E., Pandit, S., Sherchand, U., Dissanayaka, A.M.: Security threats/attacks via botnets and botnet detection & prevention techniques in computer networks: a review. In: The Midwest Instruction and Computing Symposium. (MICS), North Dakota State University, Fargo, ND, April 5–6 (2019)

  16. Perechuda, K., Sobinska, M.: Challenges for knowledge management in the context of it global sourcing models implementation. In: IFIP International Workshop on Artificial Intelligence for Knowledge Management, pp. 58–74. Springer, Cham (2014)

  17. Soltesz, S., Potzl, H., Fiuczynski, M. E., Bavier, A., Peterson, L.: Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors. Presented at the Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007, Lisbon, Portugal (2007)

  18. Dua, R., Raja, A.R., Kakadia, D.: Virtualization vs containerization to support paas. Cloud Eng. 2014, 610–614 (2014)

    Google Scholar 

  19. Lantz, B., Heller, B., McKeown, N.: A network in a laptop: rapid prototyping for software-defined networks. Presented at the Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks. Monterey, California (2010)

  20. Casalicchio, E.: A study on performance measures for auto-scaling CPU-intensive containerized applications. Clust. Comput. 22, 995–1006 (2019). https://doi.org/10.1007/s10586-018-02890-1

    Article  Google Scholar 

  21. Kurtzer, G.M., Sochat, V., Bauer, M.W.: Singularity: scientific containers for mobility of computer. PLoS ONE 12, e0177459 (2017)

    Article  Google Scholar 

  22. Kumar, J., Garg, V.: Security analysis of unstructured data in NOSQL MongoDB database. In: 2017 International Conference on Computing and Communication Technologies for Smart Nation (IC3TSN), Gurgaon, (2017), pp. 300–305

  23. Mazi, H., Arsene, F.N., Dissanayaka, A.M.: The influence of black market activities through dark web on the economy: a survey. In The Midwest Instruction and Computing Symposium. (MICS), Milwaukee School of Engineering and Northwestern Mutual, Milwaukee, Wisconsin, April 3–4 (2020)

  24. Zafar, R., Yafi, E., Zuhairi, M.F., Dao, H.: Big Data: The NoSQL and RDBMS review. In: 2016 International Conference on Information and Communication Technology (ICICTM), Kuala Lumpur, pp. 120–126 (2016)

  25. Deka, G.C.: A survey of cloud database systems. IT Prof. 16(2), 50–57 (2014)

    Article  Google Scholar 

  26. Okman, L., Gal-Oz, N., Gonen, Y., Gudes, E., Abramov, J.: Security Issues in NoSQL Databases. In: 2011, IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, pp. 541–547 (2011)

  27. Storey, V.C., Song, I.-Y.: Big data technologies and management: what conceptual modeling can do. Data Knowl. Eng. 108, 50–67 (2017)

    Article  Google Scholar 

  28. Li, F., Das, S., Syamala, M., Narasayya, V.R.: Accelerating relational databases by leveraging remote memory and rdma. In Proceedings of the 2016 International Conference on Management of Data, pp. 355–370. ACM (2016)

  29. Lee, C.H., Zheng, Y.L.: Automatic SQL-to-NoSQL schema transformation over the MySQL and HBase databases. In: 2015 IEEE International Conference on Consumer Electronics-Taiwan, pp. 426–427. IEEE (2015)

  30. Reddy, S., Raj, P.: Hosting and Delivering Cassandra NoSQL Database via Cloud Environments. In NoSQL, pp. 429–448. Chapman and Hall/CRC, Boca Raton (2017)

  31. Haseeb, A., Pattun, G.: A review on NoSQL: Applications and challenges. International Journal of Advanced Research in Computer Science 8, no. 1 (2017)

  32. Patel, J.M.: Operational NoSQL systems: what’s new and what’s next? Computer 49(4), 23–30 (2016)

    Article  Google Scholar 

  33. Goel, J.N., Mehtre, B.M.: Vulnerability assessment & penetration testing as a cyber defence technology. Proc. Comput. Sci. 57, 710–715 (2015)

    Article  Google Scholar 

  34. Ristov, S., Gusev, M., Donevski, A.: Security Vulnerability Assessment of OpenStack Cloud. In: 2014 Sixth International Conference on Computational Intelligence, Communication Systems and Networks, Tetova, pp. 95–100 (2014)

  35. Gander, M., Sauerwein, C., Breu, R.: Assessing real-time malware threats. 2015 IEEE International Conference on Software Quality, Reliability and Security - Companion, Vancouver, BC, pp. 6–13 (2015)

  36. Dissanayaka, A.M., Mengel, S., Gittner, L. and Khan, H.: Vulnerability prioritization, root cause analysis, and mitigation of secure data analytic framework implemented with mongodb on singularity linux containers. In The 4th International Conference on Compute and Data Analysis -2020 (ICCDA-2020). San Jose, CA

  37. Kamongi, P., Kotikela, S., Kavi, K., Gomathisankaran, M., Singhal, A.: VULCAN: vulnerability assessment framework for cloud computing. In: 2013 IEEE 7th International Conference on Software Security and Reliability, Gaithersburg, MD, (2013), pp. 218–226

  38. Youssef, A.E., Alageel, M.: A framework for secure cloud computing. Int. J. Comput. Sci. Issues (IJCSI) 9(4), 487 (2012)

    Google Scholar 

  39. Lee, S., Yoon, C., Lee, C., Shin, S., Yegneswaran, V., Porras, P.A.: DELTA: a security assessment framework for software-defined networks. In NDSS (2017)

  40. Albakri, S.H., Shanmugam, B., Samy, G.N., Idris, N.B., Ahmed, A.: Security risk assessment framework for cloud computing environments. Secur. Commun. Netw. 7(11), 2114–2124 (2014)

    Article  Google Scholar 

  41. Kim, J., Ryu, J.: Recent trends on high-performance computing and security. Clust. Comput. 16, 207–208 (2013). https://doi.org/10.1007/s10586-013-0271-x

    Article  Google Scholar 

  42. Casola, V., Benedictis, A.D., Rak, M.: Security monitoring in the cloud: an SLA-based approach. 2015 10th International Conference on Availability, Reliability and Security, Toulouse, (2015), pp. 749–755

  43. Wang, Y., Yang, J.: Ethical hacking and network defense: choose your best network vulnerability scanning tool. In: 2017 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA), Taipei, (2017), pp. 110–113

  44. Singh, D., Sekar, V.R., Stolee, K.T., Johnson, B., Evaluating how static analysis tools can reduce code review effort. In: 2017 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC). Raleigh, NC, pp. 101–105 (2017)

  45. Agarwal, S., Raj, G.: FRAME: framework for real time analysis of malware. In: 2018 8th International Conference on Cloud Computing, Data Science & Engineering (Confluence), Noida, India, (2018), pp. 14–15

  46. Manu, A.R., Patel, J.K., Akhtar, S., Agrawal, V.K., Murthy, K.N.B.S.: A study, analysis and deep dive on cloud PAAS security in terms of Docker container security. In: 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT), Nagercoil, (2016), pp. 1–13

  47. Rohrmann, R.R., Ercolani, V.J., Patton, M.W.: Large scale port scanning through tor using parallel Nmap scans to scan large portions of the IPv4 range. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), Beijing, (2017), pp. 185–187

  48. Dinesh, S., Rao, S., Chandrasekaran, K.: Traceback: A forensic tool for distributed systems. In: Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics, pp. 17–27. Springer, New Delhi, (2016)

  49. Kumar, R., Tlhagadikgora, K.: Internal network penetration testing using free/open source tools: network and system administration approach. In International Conference on Advanced Informatics for Computing Research, pp. 257–269. Springer, Singapore (2018)

  50. Mailewa, A., Herath, J., Herath, S.: A survey of effective and efficient software testing. In The Midwest Instruction and Computing Symposium. (MICS), Grand Forks, ND, April 10–11 (2015)

  51. Dholey, P., Shaw, A.K. OnlineKALI: Online Vulnerability Scanner. In: Proceedings of International Ethical Hacking Conference 2018, pp. 25–35. Springer, Singapore (2019)

  52. Lu, L., Han, Z., Chen, Z.: OpenStack vulnerability detection and analysis. In International Conference on Applications and Techniques in Information Security, pp. 245–251. Springer, Berlin (2015)

  53. Simon, K.: Vulnerability analysis using google and shodan. In: International conference on cryptology and network security, pp. 725–730. Springer, Cham (2016)

  54. Muñoz, F.R., Vega, E.A.A., Villalba, L.J.G.: Analyzing the traffic of penetration testing tools with an IDS. J. Supercomput. 74(12), 6454–6469 (2018)

    Article  Google Scholar 

  55. Mailewa, A., Herath, J.: Operating systems learning environment with VMware. In: The Midwest Instruction and Computing Symposium (MICS), Verova, WI, April 25–26 (2014)

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Texas Tech University, Lubbock, USA

    Akalanka Mailewa Dissanayaka & Susan Mengel

  2. Department of Public Health, Texas Tech University Health Sciences Center, Lubbock, USA

    Lisa Gittner & Hafiz Khan

Authors
  1. Akalanka Mailewa Dissanayaka
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Susan Mengel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lisa Gittner
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hafiz Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Akalanka Mailewa Dissanayaka.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Dissanayaka, A.M., Mengel, S., Gittner, L. et al. Security assurance of MongoDB in singularity LXCs: an elastic and convenient testbed using Linux containers to explore vulnerabilities. Cluster Comput 23, 1955–1971 (2020). https://doi.org/10.1007/s10586-020-03154-7

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-020-03154-7

Keywords

Search

Navigation