Automated Implementation of Windows-related Security-Configuration Guides
Hardening is the process of configuring IT systems to ensure the security of the systems’ components and data they process or store. The complexity of contemporary IT infrastructures, however, renders manual security hardening and maintenance a daunting task.
In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations.
In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined.
We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides.
Wed 23 Sep Times are displayed in time zone: (UTC) Coordinated Universal Time change
|09:10 - 09:30|
Patrick StöckleTechnical University of Munich, Bernd GrobauerSiemens AG, Alexander PretschnerTechnical University of MunichDOI
|09:30 - 09:50|
Stefan MühlbauerLeipzig University, Sven ApelSaarland University, Germany, Norbert SiegmundLeipzig UniversityDOI Pre-print
|09:50 - 10:10|
Haochen HeNational University of Defense Technology, Zhouyang JiaNational University of Defense Technology, Shanshan LiNational University of Defense Technology, China, Erci XuNational University of Defense Technology, Tingting YuUniversity of Kentucky, Yue YuCollege of Computer, National University of Defense Technology, Changsha 410073, China, Ji WangNational University of Defense Technology, Xiangke LiaoNational University of Defense Technology, ChinaDOI Pre-print