Sciweavers

CCS
2008
ACM

Towards automatic reverse engineering of software security configurations

The specifications of an application's security configuration are crucial for understanding its security policies, which can be very helpful in security-related contexts such as misconfiguration detection. Such specifications, however, are often ill-documented, or even closed because of the increasing use of graphical user interfaces to set program options. In this paper, we propose ConfigRE, a new technique for automatic reverse engineering of an application's access-control configurations. Our approach first partitions a configuration input into fields, and then identifies the semantic relations among these fields and the roles they play in enforcing an access control policy. Based upon such knowledge, ConfigRE automatically generates a specification language to describe the syntactic relations of these fields. The language can be converted into a scanner using standard parser generators for scanning configuration files and discovering the security policies specified in an ap...
Added: 12 Oct 2010
Updated: 12 Oct 2010
Type: Conference
Year: 2008
Where: CCS
Authors: Rui Wang 0010, XiaoFeng Wang, Kehuan Zhang, Zhuowei Li