Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options
Title | Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options |
Publication Type | Conference Proceedings |
Year of Publication | 2014 |
Authors | Kaestner, Christian, Pfeffer, Juergen |
Conference Name | HotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security |
Date Published | 4-8-14 |
Publisher | ACM |
Conference Location | Raleigh, NC |
Keywords | certification, composability, configuration options, network analysis, security metrics |
Abstract | In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>102000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space. The analysis will guide us to designs separating interacting configuration options in a core system and isolating orthogonal and less trusted configuration options from this core. |
DOI | 10.1145/2600176.2600199 |
Citation Key | node-17180 |
Groups: