Sciweavers

CCS
2008
ACM

Towards automatic reverse engineering of software security configurations

14 years 1 months ago
Towards automatic reverse engineering of software security configurations
The specifications of an application's security configuration are crucial for understanding its security policies, which can be very helpful in security-related contexts such as misconfiguration detection. Such specifications, however, are often ill-documented, or even close because of the increasing use of graphic user interfaces to set program options. In this paper, we propose ConfigRE, a new technique for automatic reverse engineering of an application's access-control configurations. Our approach first partitions a configuration input into fields, and then identifies the semantic relations among these fields and the roles they play in enforcing an access control policy. Based upon such knowledge, ConfigRE automatically generates a specification language to describe the syntactic relations of these fields. The language can be converted into a scanner using standard parser generators for scanning configuration files and discovering the security policies specified in an ap...
Rui Wang 0010, XiaoFeng Wang, Kehuan Zhang, Zhuowe
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Rui Wang 0010, XiaoFeng Wang, Kehuan Zhang, Zhuowei Li
Comments (0)