Inferring and Securing Software Configurations using Automated Reasoning
Software configurability opens the door to misconfiguration vulnerabilities, invalid settings that expose software weaknesses. Misconfiguration is one of the top ten most critical security risks and the most common. This paper envisions a world without misconfiguration vulnerabilities through the use of automated reasoning techniques to infer and secure software configurations. Real-world software, however, often lacks an explicit specification of secure configurations, relying on hand-validation by users. Real-world systems comprise many individual highly-configurable software components, making the space of possible configurations for the whole system enormous. To realize our vision and overcome these challenges, we aim to create a rigorous definition of configuration specifications, use formal methods to mechanize the inference and generation of valid configurations, and develop algorithms to automatically secure against misconfiguration.
Paul Gazzillo is an Assistant Professor of Computer Science at University of Central Florida. He received his PhD from NYU and previously worked as a Post-Doc at Yale and a Research Scholar at Stevens Institute. His research aims to make it easier to develop safe and secure software, and it spans programming languages, security, software engineering, and systems. Projects include analysis of configurable systems, side-channel attack detection, and concurrent smart contracts. His work has been published in venues such as PLDI, ESEC/FSE, and ICSE and has been recognized with a SIGPLAN Research Highlight and an NSF CAREER award.
Tue 10 Nov. Times are displayed in time zone: (UTC) Coordinated Universal Time
|17:00 - 17:02|
Carmine Vassallo (University of Zurich, Switzerland), Sebastian Proksch (Delft University of Technology, Netherlands), Anna Jancso (University of Zurich, Switzerland), Harald Gall (University of Zurich, Switzerland), Massimiliano Di Penta (University of Sannio, Italy)
|17:03 - 17:04|
Norbert Siegmund (Leipzig University), Nicolai Ruckel (Bauhaus-University Weimar), Janet Siegmund (TU Chemnitz, Germany)
|17:05 - 17:06|
Liu Liu (Rutgers University, USA), Sibren Isaacman (Loyola University Maryland, USA), Uli Kremer (Rutgers University, USA)
|17:07 - 17:08|
Visions and Reflections
Paul Gazzillo (University of Central Florida)
|17:09 - 17:10|
Qingrong Chen (University of Illinois at Urbana-Champaign, USA), Teng Wang (National University of Defense Technology, China), Owolabi Legunsen (Cornell University), Shanshan Li (National University of Defense Technology, China), Tianyin Xu (University of Illinois at Urbana-Champaign, USA)
|17:11 - 17:30|