Misconfiguration

14,000,000 Leading Edge Experts on the ideXlab platform


The Experts below are selected from a list of 1581 Experts worldwide ranked by ideXlab platform

R C Hansdah - One of the best experts on this subject based on the ideXlab platform.

  • A Heuristic Approach to Detect MPLS L3 VPN Misconfiguration in Multi-Homed Multi-VRF Site-Redundant CE Environments
    IEEE Transactions on Network and Service Management, 2021
    Co-Authors: Puran Deo Ojha, R C Hansdah
    Abstract:

    MPLS L3 VPNs are often configured manually and are prone to errors. Misconfigured VPNs violate customer’s privacy and security. With the advent of the Multi-VRF (VRF-Lite) feature on the CE, it is now possible to support two or more routing domains on a single CE. Customers can also add more CE devices in redundant configurations having multi-homed connections to service providers’ PE routers for enhanced reliability and high availability of MPLS L3 VPNs. This scenario adds more complexity increasing the reasonable probability of misconfiguration. MINA algorithm can detect errors in the MPLS infrastructure without the cooperation of the service providers. However, the MINA algorithm works for single-homed CE configured for a single VRF per CE. In this paper, we extend the MINA algorithm using a heuristic-based approach to detect misconfiguration in the MPLS infrastructure connected to Multi-VRF, Multi-homed, site-redundant CE environments. We effectively utilize both control-plane and data-plane information to demonstrate the detection of one-way and discovery of two-way RT (Route Targets) misconfiguration. The heuristic method can further detect the probable location/site and pinpoint the shared CE-customer affected by this misconfiguration.

Xiangke Liao - One of the best experts on this subject based on the ideXlab platform.

  • MisconfDoctor: Diagnosing Misconfiguration via Log-Based Configuration Testing
    2018 IEEE International Conference on Software Quality Reliability and Security (QRS), 2018
    Co-Authors: Teng Wang, Xiangke Liao, Xiaodong Liu, Qing Liao
    Abstract:

    As software configurations continue to grow in complexity, misconfiguration has become one of the major causes of software failure. Software configuration errors can have catastrophic consequences, seriously affecting the normal use of software and quality of service. And misconfiguration diagnosis faces many challenges, such as path-explosion problems and incomplete statistical data. Our study of the log that is generated in response to misconfigurations by six widely used pieces of software highlights some interesting characteristics. These observations have influenced the design of MisconfDoctor, a misconfiguration diagnosis tool via log-based configuration testing. Through comprehensive misconfiguration testing, MisconfDoctor first extracts log features for every misconfiguration and builds a feature database. When a system misconfiguration occurs, MisconfDoctor suggests potential misconfigurations by calculating the similarity of the new exception log to the feature database. We use manual and real-world error cases from Httpd, MySQL and PostgreSQL in order to evaluate the effectiveness of the tool. Experimental results demonstrate that the tool's accuracy reaches 85% when applied to manual-error cases, and 78% for real-world cases.

  • Do You Really Know How to Configure Your Software? Configuration Constraints in Source Code May Help
    IEEE Transactions on Reliability, 2018
    Co-Authors: Xiangke Liao, Shulin Zhou, Zhouyang Jia, Xiaodong Liu
    Abstract:

    Misconfigurations have become one of the major causes of software failures because of their increasing prevalence and severity. The complexity of configurations and users’ lack of domain knowledge are the main reasons for massive misconfigurations. Users usually identify and diagnose misconfigurations by making a comparison against the conditions that configuration options should satisfy, which we refer to as configuration constraints; however, sometimes it is hard for users to accomplish this work. Some work has been done on obtaining configuration constraints, especially from source code; nevertheless, only part of the situation has been considered, such as if-statement code snippets, limiting its help in misconfiguration diagnosis. In order to better extract configuration constraints for users’ guidance and misconfiguration diagnosis, we carried out a comprehensive manual study on the existence and variance of the configuration constraints in the source code of five different pieces of widely used open-source software. Three categories of findings are summarized based on our study, namely the general statistics, the general features of specific kinds of constraints, and the obstacles to the automatic extraction of configuration constraints. With these findings, we proposed several suggestions to maximize the automatic extraction of configuration constraints. The results show that our suggestions could improve the extraction of configuration constraints compared to existing methods.

  • ConfigFile++: Automatic comment enhancement for Misconfiguration prevention
    2018 IEEE Workshop on Machine Learning Techniques for Software Quality Evaluation (MaLTeSQuE), 2018
    Co-Authors: Yuanliang Zhang, Shazhou Yang, Xiangke Liao, Shanshan Li, Xiangyang Xu, Yun Xiong
    Abstract:

    Nowadays, misconfiguration has become one of the key factors leading to system problems. Most current research on the topic explores misconfiguration diagnosis, but is less concerned with educating users about how to configure correctly in order to prevent misconfiguration before it happens. In this paper, we manually study 22 open source software projects and summarize several observations on the comments of their configuration files, most of which lack sufficient information and are poorly formatted. Based on these observations and the general process of misconfiguration diagnosis, we design and implement a tool called ConfigFile++ that automatically enhances the comment in configuration files. By using name-based analysis and machine learning, ConfigFile++ extracts guiding information about the configuration option from the user manual and source code, and inserts it into the configuration files. The format of insert comment is also designed to make enhanced comments concise and clear. We use real-world examples of misconfigurations to evaluate our tool. The results show that ConfigFile++ can prevent 33 out of 50 misconfigurations.

  • ConfVD: System Reactions Analysis and Evaluation Through Misconfiguration Injection
    IEEE Transactions on Reliability, 2018
    Co-Authors: Xiangke Liao, Shaoliang Peng, Shulin Zhou, Zhouyang Jia, Teng Wang
    Abstract:

    In recent years, misconfigurations have become one of the major causes of software system failures, resulting in numerous service outages. What is worse, misconfigurations are also costly to diagnose and troubleshoot. This remains a great challenge for sysadmins (system administrators) to detect, diagnose, or troubleshoot these misconfigurations. Unlike software bugs, misconfigurations are more vulnerable to sysadmins’ mistakes. Developers and researchers are attempting to improve system reactions to misconfigurations to ease the burden of sysadmins’ diagnoses. Such efforts would greatly benefit from the techniques that can comprehensively detect bad system reactions through injected misconfigurations. Unfortunately, few such studies have achieved the above goal in the past, primarily because they only relied on generic alterations and failed to find a way to systematically generate misconfigurations. In this paper, we study eight mature open-source and commercial software packages and summarize a fine-grained classification of option types. Based on this classification, we use Augmented Backus–Naur Form to summarize and extract syntactic and semantic constraints of each type. In order to generate comprehensive misconfigurations in the test systems, we propose misconfiguration generation methods for our constraints. We implement a tool named Configuration Vulnerability Detector (ConfVD) to conduct misconfiguration injection and further analyze the systems’ reaction abilities to various misconfigurations. We carried out comprehensive analyses upon Apache Httpd, MySQL, PostgreSQL, and Yum. The results of our analysis show that our option classification covers 96% of 1582 options from the above-mentioned systems. Our constraints are more fine grained than previous works and their accuracy was found to be 91% (ascertained by manual verification). Our technique could improve generic alteration approaches without constraints, and we found that ConfVD could find nearly three times the bad reactions that were found by ConfErr. In total, we found 65 bad reactions from the systems being tested and our fine-grained constraints contributed 27.7% more bad reactions than techniques only using coarse-grained constraints.

  • Easier Said than Done: Diagnosing Misconfiguration via Configuration Constraints Analysis: A Study of the Variance of Configuration Constraints in Source Code
    Evaluation and Assessment in Software Engineering, 2017
    Co-Authors: Shulin Zhou, Xiaodong Liu, Xiangke Liao, Si Zheng, Yun Xiong
    Abstract:

    Misconfigurations have drawn tremendous attention for their increasing prevalence and severity, and the main causes are the complexity of configurations as well as the lack of domain knowledge for software. To diagnose misconfigurations, one typical approach is to find out the conditions that configuration options should satisfy, which we refer to as configuration constraints. Current researches only handled part of the situations of configuration constraints in source code, which provide only limited help for misconfiguration diagnosis. To better extract configuration constraints, we conduct a comprehensive manual study on the existence and variance of the configuration constraints in source code from five pieces of popular open-source software. We summarized several findings from different aspects, including the general statistics about configuration constraints, the general features for specific configurations, and the obstacles in extraction of configuration constraints. Based on the findings, we propose several suggestions to maximize the automation of constraints extraction.

Puran Deo Ojha - One of the best experts on this subject based on the ideXlab platform.

  • A Heuristic Approach to Detect MPLS L3 VPN Misconfiguration in Multi-Homed Multi-VRF Site-Redundant CE Environments
    IEEE Transactions on Network and Service Management, 2021
    Co-Authors: Puran Deo Ojha, R C Hansdah
    Abstract:

    MPLS L3 VPNs are often configured manually and are prone to errors. Misconfigured VPNs violate customer’s privacy and security. With the advent of the Multi-VRF (VRF-Lite) feature on the CE, it is now possible to support two or more routing domains on a single CE. Customers can also add more CE devices in redundant configurations having multi-homed connections to service providers’ PE routers for enhanced reliability and high availability of MPLS L3 VPNs. This scenario adds more complexity increasing the reasonable probability of misconfiguration. MINA algorithm can detect errors in the MPLS infrastructure without the cooperation of the service providers. However, the MINA algorithm works for single-homed CE configured for a single VRF per CE. In this paper, we extend the MINA algorithm using a heuristic-based approach to detect misconfiguration in the MPLS infrastructure connected to Multi-VRF, Multi-homed, site-redundant CE environments. We effectively utilize both control-plane and data-plane information to demonstrate the detection of one-way and discovery of two-way RT (Route Targets) misconfiguration. The heuristic method can further detect the probable location/site and pinpoint the shared CE-customer affected by this misconfiguration.

Michael K. Reiter - One of the best experts on this subject based on the ideXlab platform.

  • Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies
    Conference on Data and Application Security and Privacy, 2012
    Co-Authors: Lujo Bauer, Yuan Liang, Michael K. Reiter, Chad Spensky
    Abstract:

    Accesses that are not permitted by implemented policy but that share similarities with accesses that have been allowed, may be indicative of access-control policy misconfigurations. Identifying such misconfigurations allows administrators to resolve them before they interfere with the use of the system. We improve upon prior work in identifying such misconfigurations in two main ways. First, we develop a new methodology for evaluating misconfiguration prediction algorithms and applying them to real systems. We show that previous evaluations can substantially overestimate the benefits of using such algorithms in practice, owing to their tendency to reward predictions that can be deduced to be redundant. We also show, however, that these and other deductions can be harnessed to substantially recover the benefits of prediction. Second, we propose an approach that significantly simplifies the use of misconfiguration prediction algorithms. We remove the need to hand-tune (and empirically determine the effects of) various parameters, and instead replace them with a single, intuitive tuning parameter. We show empirically that this approach is generally competitive in terms of benefit and accuracy with algorithms that require hand-tuned parameters.

  • Detecting and Resolving Policy Misconfigurations in Access-Control Systems
    ACM Transactions on Information and System Security, 2011
    Co-Authors: Lujo Bauer, Scott Garriss, Michael K. Reiter
    Abstract:

    Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e.g., health care), very severe consequences. In this article we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires the consent of the appropriate administrator, of course, and so a primary contribution of our work is how to automatically determine from whom to seek consent and how to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 43%, and can correctly predict 58% of the intended policy. These gains are achieved without impacting the total amount of time users spend interacting with the system.

Shulin Zhou - One of the best experts on this subject based on the ideXlab platform.

  • Do You Really Know How to Configure Your Software? Configuration Constraints in Source Code May Help
    IEEE Transactions on Reliability, 2018
    Co-Authors: Xiangke Liao, Shulin Zhou, Zhouyang Jia, Xiaodong Liu
    Abstract:

    Misconfigurations have become one of the major causes of software failures because of their increasing prevalence and severity. The complexity of configurations and users’ lack of domain knowledge are the main reasons for massive misconfigurations. Users usually identify and diagnose misconfigurations by making a comparison against the conditions that configuration options should satisfy, which we refer to as configuration constraints; however, sometimes it is hard for users to accomplish this work. Some work has been done on obtaining configuration constraints, especially from source code; nevertheless, only part of the situation has been considered, such as if-statement code snippets, limiting its help in misconfiguration diagnosis. In order to better extract configuration constraints for users’ guidance and misconfiguration diagnosis, we carried out a comprehensive manual study on the existence and variance of the configuration constraints in the source code of five different pieces of widely used open-source software. Three categories of findings are summarized based on our study, namely the general statistics, the general features of specific kinds of constraints, and the obstacles to the automatic extraction of configuration constraints. With these findings, we proposed several suggestions to maximize the automatic extraction of configuration constraints. The results show that our suggestions could improve the extraction of configuration constraints compared to existing methods.

  • ConfVD: System Reactions Analysis and Evaluation Through Misconfiguration Injection
    IEEE Transactions on Reliability, 2018
    Co-Authors: Xiangke Liao, Shaoliang Peng, Shulin Zhou, Zhouyang Jia, Teng Wang
    Abstract:

    In recent years, misconfigurations have become one of the major causes of software system failures, resulting in numerous service outages. What is worse, misconfigurations are also costly to diagnose and troubleshoot. This remains a great challenge for sysadmins (system administrators) to detect, diagnose, or troubleshoot these misconfigurations. Unlike software bugs, misconfigurations are more vulnerable to sysadmins’ mistakes. Developers and researchers are attempting to improve system reactions to misconfigurations to ease the burden of sysadmins’ diagnoses. Such efforts would greatly benefit from the techniques that can comprehensively detect bad system reactions through injected misconfigurations. Unfortunately, few such studies have achieved the above goal in the past, primarily because they only relied on generic alterations and failed to find a way to systematically generate misconfigurations. In this paper, we study eight mature open-source and commercial software packages and summarize a fine-grained classification of option types. Based on this classification, we use Augmented Backus–Naur Form to summarize and extract syntactic and semantic constraints of each type. In order to generate comprehensive misconfigurations in the test systems, we propose misconfiguration generation methods for our constraints. We implement a tool named Configuration Vulnerability Detector (ConfVD) to conduct misconfiguration injection and further analyze the systems’ reaction abilities to various misconfigurations. We carried out comprehensive analyses upon Apache Httpd, MySQL, PostgreSQL, and Yum. The results of our analysis show that our option classification covers 96% of 1582 options from the above-mentioned systems. Our constraints are more fine grained than previous works and their accuracy was found to be 91% (ascertained by manual verification). Our technique could improve generic alteration approaches without constraints, and we found that ConfVD could find nearly three times the bad reactions that were found by ConfErr. In total, we found 65 bad reactions from the systems being tested and our fine-grained constraints contributed 27.7% more bad reactions than techniques only using coarse-grained constraints.

  • Easier Said than Done: Diagnosing Misconfiguration via Configuration Constraints Analysis: A Study of the Variance of Configuration Constraints in Source Code
    Evaluation and Assessment in Software Engineering, 2017
    Co-Authors: Shulin Zhou, Xiaodong Liu, Xiangke Liao, Si Zheng, Yun Xiong
    Abstract:

    Misconfigurations have drawn tremendous attention for their increasing prevalence and severity, and the main causes are the complexity of configurations as well as the lack of domain knowledge for software. To diagnose misconfigurations, one typical approach is to find out the conditions that configuration options should satisfy, which we refer to as configuration constraints. Current researches only handled part of the situations of configuration constraints in source code, which provide only limited help for misconfiguration diagnosis. To better extract configuration constraints, we conduct a comprehensive manual study on the existence and variance of the configuration constraints in source code from five pieces of popular open-source software. We summarized several findings from different aspects, including the general statistics about configuration constraints, the general features for specific configurations, and the obstacles in extraction of configuration constraints. Based on the findings, we propose several suggestions to maximize the automation of constraints extraction.

  • ConfTest: Generating Comprehensive Misconfiguration for System Reaction Ability Evaluation
    Evaluation and Assessment in Software Engineering, 2017
    Co-Authors: Xiangke Liao, Shulin Zhou, Zhouyang Jia
    Abstract:

    Misconfigurations are not only prevalent, but also costly on diagnosing and troubleshooting. Unlike software bugs, misconfigurations are more vulnerable to users' mistakes. Improving system reaction to misconfigurations would ease the burden of users' diagnoses. Such effort can greatly benefit from a comprehensive study of system reaction ability towards misconfigurations based on errors injection method. Unfortunately, few such studies have achieved the above goal in the past, primarily because they fail to provide rich error types or only rely on generic alternations to generate misconfigurations. In this paper, we studied 8 mature open-source and commercial software and summarized a fine-grained classification of option types. On the basis of this classification, we could extract syntactic and semantic constraints of each type to generate misconfigurations. We implemented a tool named ConfTest to conduct misconfiguration injection and further analyze system reaction abilities to various misconfigurations. We carried out comprehensive analyses upon 4 open-source software systems. Our evaluation results show that our option classification covers over 96% of 1582 options from Httpd, Yum, PostgreSQL and MySQL. Our constraint is more fine-grained and the accuracy is more than 90% of real constraints through manual verification. We compared the capability in finding bad system reactions between ConfTest and ConfErr, showing that the ConfTest can find nearly 3 times the bad reactions found by ConfErr.

  • ConfMapper: Automated Variable Finding for Configuration Items in Source Code
    IEEE International Conference on Software Quality Reliability and Security Companion, 2016
    Co-Authors: Shulin Zhou, Xiaodong Liu, Xiangke Liao, Wei Dong, Yun Xiong
    Abstract:

    Misconfigurations have become the major cause of software failures as a consequence of software development. Traditional methodology of misconfiguration diagnosis based on program analysis has distinct advantages in accuracy and efficiency. However, the state-of-the-art researches do the mapping between the configuration items and relevant program variables either manually locating or following specified annotation with fixed format, which requires enormous domain knowledge and heavy workload. In order to address the challenges, we manually studied eight popular open-source software and observed some mapping-related features. Based on these observations, we proposed a tool named ConfMapper to accomplish the automated mapping from the configuration items to the relevant program variables without understanding the complicated semantic context in source code. We carried out comprehensive experiments upon seven popular open-source software. ConfMapper could reach nearly 100% accuracy in mapping the configuration items to program variables, and mine about 91.5% potential configuration items in average.