Visible to the public Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options

TitleLimiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options
Publication TypeConference Proceedings
Year of Publication2014
AuthorsKaestner, Christian, Pfeffer, Juergen
Conference NameHotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
Date Published4-8-14
PublisherACM
Conference LocationRaleigh, NC
Keywordscertification, composability, configuration options, network analysis, security metrics
Abstract

In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>102000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space. The analysis will guide us to designs separating interacting configuration options in a core system and isolating orthogonal and less trusted configuration options from this core.

DOI10.1145/2600176.2600199
Citation Keynode-17180