Highly Configurable Systems - January 2015

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): Jurgen Pfeffer
Co-PI(s): Christian Kastner
Researchers:

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)

• Scalability and composability: Isolating configuration options or controlling their interactions will lead us toward composable analysis with regard to configuration options.
• Predictive security metrics: To what degree can configuration-related indicate implementations that are more prone to vulnerabilities or in which vulnerabilities have more severe consequences?

2) PUBLICATIONS

Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

1. Kaestner, Christian & Pfeffer, Juergen (2014). Limiting Recertification in Highly Configurable Systems. Analyzing Interactions and Isolation among Configuration Options. HotSoS 2014: 2014 Symposium and Bootcamp on the Science of Security, April 8-9, Raleigh, NC.

3) KEY HIGHLIGHTS

• We implemented a tool to extract precise call graphs with function pointers for product lines/compile-time variability. This overcomes a key limitation of previous approaches which are inaccurate due to their lack of pointer analysis and allow for more precise composability analysis. This tool will be available as part of the next version of TypeChef (https://github.com/ckaestne/TypeChef).
• Short paper (poster) presentation at HotSoS 2014