Biedermann, Sebastian ; Katzenbeisser, Stefan ; Szefer, Jakub (2014)
Hot-Hardening: Getting More Out of Your Security Settings.
New Orleans, Louisiana, USA
doi: 10.1145/2664243.2664246
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Applying optimized security settings to applications is a difficult and laborious task. Especially in cloud computing, where virtual servers with various pre-installed software packages are leased, selecting optimized security settings is very difficult. In particular, optimized security settings are not identical in every setup. They depend on characteristics of the setup, on the ways an application is used or on other applications running on the same system. Configuring optimized settings given these interdependencies is a complex and time-consuming task. In this work, we present an autonomous agent which improves security settings of applications which run in virtual servers. The agent retrieves custom-made security settings for a target application by investigating its specific setup, it tests and transparently changes settings via introspection techniques unbeknownst from the perspective of the virtual server. During setting selection, the application's operation is not disturbed nor any user interaction is needed. Since optimal settings can change over time or they can change depending on different tasks the application handles, the agent can continuously adapt settings as well as improve them periodically. We call this approach hot-hardening and present results of an implementation that can hot-harden popular networking applications such as Apache2 and OpenSSH.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2014 |
| Autor(en): | Biedermann, Sebastian ; Katzenbeisser, Stefan ; Szefer, Jakub |
| Art des Eintrags: | Bibliographie |
| Titel: | Hot-Hardening: Getting More Out of Your Security Settings |
| Sprache: | Deutsch |
| Publikationsjahr: | Dezember 2014 |
| Verlag: | ACM |
| Buchtitel: | Proceedings of the 30th Annual Computer Security Applications Conference |
| Reihe: | ACSAC '14 |
| Veranstaltungsort: | New Orleans, Louisiana, USA |
| DOI: | 10.1145/2664243.2664246 |
| Kurzbeschreibung (Abstract): | Applying optimized security settings to applications is a difficult and laborious task. Especially in cloud computing, where virtual servers with various pre-installed software packages are leased, selecting optimized security settings is very difficult. In particular, optimized security settings are not identical in every setup. They depend on characteristics of the setup, on the ways an application is used or on other applications running on the same system. Configuring optimized settings given these interdependencies is a complex and time-consuming task. In this work, we present an autonomous agent which improves security settings of applications which run in virtual servers. The agent retrieves custom-made security settings for a target application by investigating its specific setup, it tests and transparently changes settings via introspection techniques unbeknownst from the perspective of the virtual server. During setting selection, the application's operation is not disturbed nor any user interaction is needed. Since optimal settings can change over time or they can change depending on different tasks the application handles, the agent can continuously adapt settings as well as improve them periodically. We call this approach hot-hardening and present results of an implementation that can hot-harden popular networking applications such as Apache2 and OpenSSH. |
| ID-Nummer: | TUD-CS-2014-1103 |
| Fachbereich(e)/-gebiet(e): | Profilbereiche > Cybersicherheit (CYSEC) Profilbereiche |
| Hinterlegungsdatum: | 21 Aug 2017 14:45 |
| Letzte Änderung: | 15 Mai 2018 10:33 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum