ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Mon 21 Sep 2020 03:38 - 03:50 at Kangaroo - Session 1 Paper Presentation

Context: Insecure coding patterns (ICPs), such as hard-coded passwords, can be inadvertently introduced in infrastructure as code (IaC) scripts, providing malicious users the opportunity to attack provisioned computing infrastructure. As performing code reviews is resource-intensive, a characterization of co-located ICPs, i.e., ICPs that occur together in a script, can help practitioners to prioritize their review efforts and mitigate ICPs in IaC scripts.

Objective: The goal of this paper is to help practitioners in prioritizing code review efforts for infrastructure as code (IaC) scripts by conducting an empirical study of co-located insecure coding patterns in IaC scripts.

Methodology: We conduct an empirical study with 1613, 2764 and 2845 Puppet scripts respectively collected from three organizations, namely Mozilla, OpenStack, and Wikimedia. We apply association rule mining to identify co-located ICPs in IaC scripts.

Results: We observe 17.9%, 32.9%, and 26.7% of the scripts to include co-located ICPs for Mozilla, OpenStack, and Wikimedia, respectively. The most frequent co-located ICP category is hard-coded secret and suspicious comment.

Conclusion: Practitioners can prioritize code review efforts for IaC scripts by reviewing scripts that include co-located ICPs.
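The following is an added example, not code from the paper or its authors: a pairwise association-rule pass (support and confidence) over ICP categories detected in Puppet scripts, followed by a review queue of scripts with co-located ICPs. The regexes, the third category, the function names and the sample scripts are constructed assumptions for illustration.

```python
import re
from itertools import combinations

# Assumed, simplified detection rules; these are not the paper's rule set.
ICP_RULES = {
    "hard-coded secret": re.compile(
        r"""(?i)\b\w*(password|passwd|pwd|secret|token)\w*\s*=>?\s*['"][^'"$]+['"]"""),
    "suspicious comment": re.compile(r"(?i)#.*\b(TODO|FIXME|HACK|bug)\b"),
    "use of HTTP without TLS": re.compile(r"""['"]http://"""),  # assumed extra category
}

# Constructed Puppet snippets, keyed by a hypothetical file name.
SAMPLE = {
    "db.pp": "# TODO: move this to hiera\nclass db { $db_password = 'changeme' }\n",
    "web.pp": "class web { $repo = 'http://mirror.example.test/pkg' }\n",
    "ci.pp": "# FIXME rotate before release\n$api_token = 'abc123'\n"
             "$src = 'http://ci.example.test'\n",
    "ntp.pp": "class ntp { package { 'ntp': ensure => installed } }\n",
    "users.pp": "user { 'deploy': password => 'deploy123' }\n",
}

def icps_in(script: str) -> frozenset:
    """Return the ICP categories whose rule matches the script text."""
    return frozenset(name for name, rx in ICP_RULES.items() if rx.search(script))

def co_location_rules(scripts: dict, min_support: float = 0.3):
    """Mine pairwise rules A -> B: support = P(A and B), confidence = P(B | A)."""
    found = {path: icps_in(text) for path, text in scripts.items()}
    n = len(found)
    rules = []
    for a, b in combinations(sorted(ICP_RULES), 2):
        both = sum(1 for s in found.values() if a in s and b in s)
        if n == 0 or both / n < min_support:
            continue  # pair co-occurs too rarely to report
        for lhs, rhs in ((a, b), (b, a)):
            lhs_count = sum(1 for s in found.values() if lhs in s)
            rules.append((lhs, rhs, both / n, both / lhs_count))
    # Highest confidence first, then highest support.
    return found, sorted(rules, key=lambda r: (-r[3], -r[2], r[0]))

def review_queue(found: dict) -> list:
    """Scripts with two or more distinct ICP categories, most categories first."""
    hits = [(p, s) for p, s in found.items() if len(s) >= 2]
    return [p for p, s in sorted(hits, key=lambda x: (-len(x[1]), x[0]))]

if __name__ == "__main__":
    found, rules = co_location_rules(SAMPLE)
    for lhs, rhs, support, confidence in rules:
        print(f"{lhs} -> {rhs}: support={support:.2f} confidence={confidence:.2f}")
    print("review first:", review_queue(found))
```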

Mon 21 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time

02:50 - 03:50: Session 1 Paper Presentation, [Workshop] HCSE&CS at Kangaroo
02:50 - 03:02
Talk
[Workshop] HCSE&CS
Alfred Musarurwa (Abertay University), Karen Renaud (Abertay University), Tim Shuermann (TU Darmstadt)
03:02 - 03:14
Talk
[Workshop] HCSE&CS
Nalin Asanka Gamagedara Arachchilage (La Trobe University, Australia), Mumtaz Abdulhameed (Technovation Consulting & Training PVT)
03:14 - 03:26
Talk
[Workshop] HCSE&CS
Farzana Ahamed Bhuiyan (Tennessee Tech University), Akond Rahman (Tennessee Tech University), Patrick Morrison (IBM)
03:26 - 03:38
Talk
[Workshop] HCSE&CS
Chehara Pathmabandu (Monash University), Mohan Baruwal Chhetri (Data61 CSIRO Australia), John Grundy (Monash University, Australia), A: Zubair Baig (Deakin University)
03:38 - 03:50
Talk
[Workshop] HCSE&CS
Farzana Ahamed Bhuiyan (Tennessee Tech University), Akond Rahman (Tennessee Tech University)