Visible to the public Analyzing Interactions and Isolation among Configuration OptionsConflict Detection Enabled

TitleAnalyzing Interactions and Isolation among Configuration Options
Publication TypeConference Proceedings
Year of Publication2014
AuthorsChristian Kästner, Jurgen Pfeffer
Conference NameHotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
Date Published04/2014
PublisherACM New York, NY, USA ©2014
Conference LocationRaleigh, NC
Other Numbersarticle no 23
Keywordscertification, CMU, composability, configuration options, July'14, network analysis, security metrics

In highly configurable systems the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system as Linux and SELinux for every combination of configuration settings one by one (>102000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space. The analysis will guide us to designs separating interacting configuration options in a core system and isolating orthogonal and less trusted configuration options from this core.

Citation Keynode-30176

Other available formats:

Kastner_Limit_Recertification_CK.pdfPDF document514.09 KBDownloadPreview