BEGIN:VCALENDAR VERSION:2.0 PRODID:Linklings LLC BEGIN:VTIMEZONE TZID:America/Chicago X-LIC-LOCATION:America/Chicago BEGIN:DAYLIGHT TZOFFSETFROM:-0600 TZOFFSETTO:-0500 TZNAME:CDT DTSTART:19700308T020000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0500 TZOFFSETTO:-0600 TZNAME:CST DTSTART:19701101T020000 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20181221T160728Z LOCATION:D170 DTSTART;TZID=America/Chicago:20181112T121000 DTEND;TZID=America/Chicago:20181112T123000 UID:submissions.supercomputing.org_SC18_sess169_ws_daac104@linklings.com SUMMARY:Dynamic and Portable Vulnerability Assessment Testbed with Linux C ontainers to Ensure the Security of MongoDB in Singularity LXCs DESCRIPTION:Workshop\nHPC Center Planning and Operations, Heterogeneous Sy stems, Scientific Computing, State of the Practice, Workshop Reg Pass, Dat acenter\n\nDynamic and Portable Vulnerability Assessment Testbed with Linu x Containers to Ensure the Security of MongoDB in Singularity LXCs\n\nMail ewa Dissanayaka, Mengel, Gittner, Khan\n\nTo find the available vulnerabil ities against any system, it is mandatory to conduct vulnerability assessm ents as scheduled tasks in a regular manner. Thus, an easily deployable, e asily maintainable, accurate vulnerability assessment testbed or a model i s helpful as facilitated by Linux containers. Nowadays Linux containers (L XCs) which have operating system level virtualization, are very popular ov er virtual machines (VMs) which have hypervisor or kernel level virtualiza tion in high performance computing (HPC) due to reasons, such as high port ability, high performance, efficiency and high security. Hence, LXCs can m ake an efficient and scalable vulnerability assessment testbed or a model by using already developed analyzing tools such as OpenVas, Dagda, PortSpi der, OWASP Zed Attack Proxy, and OpenSCAP, to assure the required security level of a given system very easily. To verify the overall security of an y given software system, this paper first introduces a virtual, portable a nd easily deployable vulnerability assessment general testbed within the L inux container network. Next, the paper presents, how to conduct experimen ts using this testbed on a MongoDB database implemented in Singularity Lin ux containers to find the available vulnerabilities in images accompanied by containers, host, and network by integrating three tools; OpenVas, Dagd a, and PortSpider to the container-based testbed. Finally, it discusses ho w to use generated results to improve the security level of the given syst em. URL:https://sc18.supercomputing.org/presentation/?id=ws_daac104&sess=sess1 69 END:VEVENT END:VCALENDAR