Automated Implementation of Windows-related Security-Configuration Guides
Hardening is the process of configuring IT systems to ensure the security of the systems’ components and data they process or store. The complexity of contemporary IT infrastructures, however, renders manual security hardening and maintenance a daunting task.
In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations.
In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined.
We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides.
Wed 23 SepDisplayed time zone: (UTC) Coordinated Universal Time change
09:10 - 10:10
|Automated Implementation of Windows-related Security-Configuration Guides|
Patrick Stöckle Technical University of Munich, Bernd Grobauer Siemens AG, Alexander Pretschner Technical University of MunichLink to publication DOI Pre-print
|Identifying Software Performance Changes Across Variants and Versions|
Stefan Mühlbauer Leipzig University, Sven Apel Saarland University, Germany, Norbert Siegmund Leipzig UniversityDOI Pre-print
|CP-Detector: Using Configuration-related Performance Properties to Expose Performance Bugs|
Haochen He National University of Defense Technology, Zhouyang Jia National University of Defense Technology, Shanshan Li National University of Defense Technology, China, Erci Xu National University of Defense Technology, Tingting Yu University of Kentucky, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Ji Wang National University of Defense Technology, Xiangke Liao National University of Defense Technology, ChinaDOI Pre-print