Write a Blog >>
Tue 10 Nov 2020 17:07 - 17:08 at Virtual room 1 - Configuration

Software configurability opens the door to misconfiguration vulnerabilities, invalid settings that expose software weaknesses. Misconfiguration is one the top ten most critical security risks and the most common. This paper envisions a world without misconfiguration vulnerabilities through the use of automated reasoning techniques to infer and secure software configurations. Real-world software, however, often lacks an explicit specification of secure configurations, relying on hand-validation by users. Real-world systems comprise many individual highly-configurable software components, making the space of possible configurations for the whole system enormous. To realize our vision and overcome these challenges, we aim to create a rigorous definition of configuration specifications, use formal methods to mechanize the inference and generation of valid configurations, and develop algorithms to automatically secure against misconfiguration.

Paul Gazzillo is an Assistant Professor of Computer Science at University of Central Florida. He received his PhD from NYU and previously worked as a Post-Doc at Yale and a Research Scholar at Stevens Institute. His research aims to make it easier to develop safe and secure software, and it spans programming languages, security, software engineering, and systems. Projects include analysis of configurable systems, side-channel attack detection, and concurrent smart contracts. His work has been published in venues such as PLDI, ESEC/FSE, and ICSE and has been recognized with a SIGPLAN Research Highlight and an NSF CAREER award.

Tue 10 Nov

Displayed time zone: (UTC) Coordinated Universal Time change

17:00 - 17:30
17:00
2m
Talk
Configuration Smells in Continuous Delivery Pipelines: A Linter and a Six-Month Study on GitLab
Research Papers
Carmine Vassallo University of Zurich, Switzerland, Sebastian Proksch Delft University of Technology, Netherlands, Anna Jancso University of Zurich, Switzerland, Harald Gall University of Zurich, Switzerland, Massimiliano Di Penta University of Sannio, Italy
DOI Pre-print
17:03
1m
Talk
Dimensions of Software Configuration: On the Configuration Context in Modern Software Development
Research Papers
Norbert Siegmund Leipzig University, Nicolai Ruckel Bauhaus-University Weimar, Janet Siegmund TU Chemnitz, Germany
DOI
17:05
1m
Talk
Global Cost/Quality Management across Multiple Applications
Research Papers
Liu Liu Rutgers University, USA, Sibren Isaacman Loyola University Maryland, USA, Uli Kremer Rutgers University, USA
DOI
17:07
1m
Talk
Inferring and Securing Software Configurations using Automated Reasoning
Visions and Reflections
Paul Gazzillo University of Central Florida
DOI
17:09
1m
Talk
Understanding and Discovering Software Configuration Dependencies in Cloud and Datacenter Systems
Research Papers
Qingrong Chen University of Illinois at Urbana-Champaign, USA, Teng Wang National University of Defense Technology, China, Owolabi Legunsen Cornell University, Shanshan Li National University of Defense Technology, China, Tianyin Xu University of Illinois at Urbana-Champaign, USA
DOI
17:11
19m
Talk
Conversations on Configuration
Paper Presentations
Carmine Vassallo University of Zurich, Switzerland, Liu Liu Rutgers University, Nicolai Ruckel Bauhaus-University Weimar, Paul Gazzillo University of Central Florida, Qingrong Chen University of Illinois at Urbana-Champaign, USA, M: Sarah Nadi University of Alberta