Open this publication in new window or tab >>Show others...
2022 (English)In: Journal of King Saud University - Computer and Information Sciences, ISSN 1319-1578, Vol. 34, no 10, Part B, p. 10044-10055Article in journal (Refereed) Published
Abstract [en]
Configuration errors are some of the main reasons for software failures. Some configuration options may even negatively impact the software’s security, so that if a user sets the options inappropriately, there may be a huge security risk for the software. Recent studies have proposed mapping option read points to configuration options as the first step in alleviating the occurrence of configuration errors. Sadly, most available techniques use humans, and the rest require additional input, like an operation manual. Unfortunately, not all software is standardized and friendly. We propose a technique based on program and static analysis that can automatically map all the configuration options of a program just by reading the source code. Our evaluation shows that this technique achieves 88.6%, 97.7%, 94.6%, 94.8%, and 92.6% success rates with the Hadoop modules Common, Hadoop distributed file system, MapReduce, and YARN, and also PX4, when extracting configuration options. We found 53 configuration options in PX4 that were not documented and submitted these to the developers. Compared with published work, our technique is more effective in mapping options, and it may lay the foundation for subsequent research on software configuration security.
Place, publisher, year, edition, pages
Elsevier, 2022
Keywords
Software security, Configuration error, Configuration option, Option read point, Program analysis, Static analysis
National Category
Information Systems Software Engineering
Research subject
Information Systems
Identifiers
urn:nbn:se:ltu:diva-93987 (URN)10.1016/j.jksuci.2022.10.004 (DOI)000999620800072 ()2-s2.0-85140966613 (Scopus ID)
Note
Validerad;2023;Nivå 2;2023-04-20 (joosat);
Funder: National Key R&D Program of China (grant no. 2020YFB100560); National Natural Science Foundation of China (grant no. U21A20463); Fundamental Research Funds for the Central Universities of China (grant no, KKJB320001536)
Licens fulltext: CC BY License
2022-11-102022-11-102024-08-15Bibliographically approved