Vulnerability Prioritization, Root Cause Analysis, and Mitigation of Secure Data Analytic Framework Implemented with MongoDB on Singularity Linux Containers

Akalanka Mailewa Dissanayaka, Susan Mengel, Lisa Gittner, Hafiz Khan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

A Vulnerability Management system is a disciplined, programmatic approach to discover and mitigate vulnerabilities in a system. While securing systems from data exploitation and theft, Vulnerability Management works as a cyclical practice of identifying, assessing, prioritizing, remediating, and mitigating security weaknesses. In this approach, root cause analysis is conducted to find solutions for the problematic areas in policy, process, and standards including configuration standards. Three major reasons make Vulnerability Assessment and Management a vital part in IT risk management. The reasons are, namely, 1. Persistent Threats-Attacks exploiting security vulnerabilities for financial gain and criminal agendas continue to dominate headlines, 2. Regulations-Many government and industry regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), mandate rigorous vulnerability management practices, and 3. Risk Management-Mature organizations treat vulnerability assessment and management as a key risk management component [1]. Thus, as opposed to a reactive and technology-oriented approach, a well-organized and executed Vulnerability Management system is proactive and business-oriented. This research initially collects all the vulnerabilities associated with the Data Analytic Framework Implemented with MongoDB on Linux Containers (LXCs) by using the vulnerability analysis testbed with seven deferent analyzing tools. Thereafter, this research work first prioritizes all the vulnerabilities using "Low", "Medium", and "High"according to their severity level. Then, it discovers and analyzes the root cause of fifteen various vulnerabilities with different severities. Finally, according to each of the vulnerability root causes, this research proposes security techniques, to avoid or mitigate those vulnerabilities from the current system.

Original languageEnglish
Title of host publicationICCDA 2020 - Proceedings of the 4th International Conference on Compute and Data Analysis
PublisherAssociation for Computing Machinery
Pages58-66
Number of pages9
ISBN (Electronic)9781450376440
DOIs
StatePublished - Mar 9 2020
Event4th International Conference on Compute and Data Analysis, ICCDA 2020 - Silicon Valley, San Jose, United States
Duration: Mar 9 2020Mar 12 2020

Publication series

NameACM International Conference Proceeding Series

Conference

Conference4th International Conference on Compute and Data Analysis, ICCDA 2020
CountryUnited States
CitySilicon Valley, San Jose
Period03/9/2003/12/20

Keywords

  • Attack
  • Big-Data
  • Docker
  • HIPAA
  • HPC
  • Hacking
  • LXCs
  • Linux-Containers
  • MongoDB
  • Risk
  • SOX
  • Security
  • Singularity
  • Threat
  • Vulnerability

Fingerprint Dive into the research topics of 'Vulnerability Prioritization, Root Cause Analysis, and Mitigation of Secure Data Analytic Framework Implemented with MongoDB on Singularity Linux Containers'. Together they form a unique fingerprint.

Cite this