Visible to the public Highly Configurable Systems - July 2017Conflict Detection Enabled

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): Jurgen Pfeffer
Co-PI(s): Christian Kastner

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)

Scalability and compositionality

We address scalability of assurances for highly configurable systems with exponentially growing configuration spaces and with massive reuse of third-party libraries that evolve independently. A compositional analysis of
options will allow to scale the analysis; for this it's important to investigate how options are implemented and how they interact. In addition, modular and timely recertification of changes and variations is essential to make security judgements scale in practice.


  • (ACCEPTED) - R. Goyal, G. Ferreira, C. Kastner, and J. Herbsleb. Identifying Unusual Commits on GitHub. Journal of Software: Evolution and Process (JSEP), 2017.

    This paper uses anomaly detection to identify commits in a project that stand out with regard to other commits and should be brought to the attention of other developers or reviewers. The work does not have a direct security focus, but rather aims to focus reviewer attention generally, but it can be used or extended also to detect anomalies from a security perspective, including issues as commits at unusual times or commits in unusual parts of the code (that a developer usually does not tough).


  • Completed an interview study with 18 subject matter experts in software certification (Common Criteria security certifications and DO178C safety certification), identifying the key obstacles of todays software certification and providing a baseline for further discussions that could push, among many other issues, compositional and automated analyses.
  • Designed a prototype for dynamically sandboxing of packages in the JavaScript/Node.js ecosystem to assure the absence of certain kinds of malicious package updates in npm packages. This addresses the risk that a attackers with access to an npm account can easily compromise systems that automatically update dependencies by injecting unnoticed malicious code in minor updates. The work defends against such attacks for the commonly used and often very simple packages on npm.

4) COMMUNITY ENGAGEMENTS - if applicable


5) EDUCATIONAL ADVANCES - if applicable