Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options
| Title | Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options |
| Publication Type | Conference Proceedings |
| Year of Publication | 2014 |
| Authors | Kaestner, Christian, Pfeffer, Juergen |
| Conference Name | HotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security |
| Date Published | 4-8-14 |
| Publisher | ACM |
| Conference Location | Raleigh, NC |
| Keywords | certification, composability, configuration options, network analysis, security metrics |
| Abstract | In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>102000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space. The analysis will guide us to designs separating interacting configuration options in a core system and isolating orthogonal and less trusted configuration options from this core. |
| DOI | 10.1145/2600176.2600199 |
| Citation Key | node-17180 |
Groups: