Visible to the public Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation Among Configuration Options

Submitted by Pfeffer Juergen on Wed, 09/17/2014 - 6:32pm
TitleLimiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation Among Configuration Options
Publication TypeConference Paper
Year of Publication2014
AuthorsKästner, Christian, Pfeffer, Jürgen
Conference NameProceedings of the 2014 Symposium and Bootcamp on the Science of Security
PublisherACM
Conference LocationRaleigh, NC, USA
ISBN Number978-1-4503-2907-1
KeywordsACM CCS, certification, composability, Concurrency and Timing, configuration options, cyber security, Formal Methods and Theory of Security, Foundations, Logic and Verification, network analysis, science of security, security metrics, Validation and Verification
Abstract

In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>102000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space. The analysis will guide us to designs separating interacting configuration options in a core system and isolating orthogonal and less trusted configuration options from this core.
URLhttp://doi.acm.org/10.1145/2600176.2600199
DOI10.1145/2600176.2600199
Citation KeyKastner:2014:LRH:2600176.2600199
Groups: