Code Monkey home page Code Monkey logo

tum-i4 / better-safe-than-sorry Goto Github PK

View Code? Open in Web Editor NEW
1.0 8.0 0.0 3.8 MB

This repository is part of the paper "Better Safe Than Sorry! Automated Identification of Breaking Security-Configuration Rules" accepted at the "4th ACM/IEEE International Conference on Automation of Software Test (AST)". https://conf.researchr.org/home/ast-2023

License: Apache License 2.0

Python 90.61% PowerShell 9.39%
combinatorial-testing scap configuration-management security scapolite hardening

better-safe-than-sorry's Introduction

Better Safe Than Sorry

This repository is part of the paper Better Safe Than Sorry! Automated Identification of Breaking Security-Configuration Rules accepted at the 4th ACM/IEEE International Conference on Automation of Software Test (AST).

Institutions like the Center for Internet Security publish security-configuration guides(also called benchmarks) that help us configure systems more securely. This configuration hardening can mitigate the risk of successful attacks, which may cause damage to our systems and data. A remaining problem with applying these guides are so-called "breaking rules." Applying breaking rules on a production system will break at least one functionality with the corresponding ramifications. We could safely apply the remaining rules if we identified all breaking rules and removed them from the guide.

Our new approach combines techniques from software testing, machine learning, and graph theory to automatically identify these breaking rules. This repository includes our Python scripts to

  1. generate the covering arrays from a given security-configuration guide
  2. Test the different covering arrays
  3. Analyze the results to find the breaking rules

One can redo all our experiments presented in the article using the code in this repository.

Setup

With PyPi

The easiest way to use the scrips in this repository is to install the package from PyPi

pip install better-safe-than-sorry
better-safe-than-sorry --version

With Poetry

One can also use poetry to install the dependencies.

cd /path/to/better-safe-than-sorry/
poetry install
poetry run better-safe-than-sorry --version

Steps

Generate Profiles based on Covering Arrays

See here.

Test Execution

Simulation

See here.

Test Execution with Vagrant

See here

Test Result Analysis

See here.

Resources

Sfera Automation files

The folder rsc/sfera_automation_jsons contains variants of sfera_automation.json files based on the Windows 10 version 1909 guide by the Center for Internet Security. sfera_automation.json is a JSON-based file format used at Siemens to automatically implement Windows-based security-configuration guides. We generated the variants were generated using the IPOG and IPOG-D algorithms and include custom profiles for combinatorial testing of strength 2 to 5.

Contact

If you have any questions, please create an issue or contact Patrick Stöckle.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.