Automated Identification of Security-Relevant Configuration Settings Using NLP (ASE 2022 - Industry Showcase) - ASE 2022

Write a Blog >>

Mon 10 - Fri 14 October 2022 Oakland Center, Michigan, United States

Who

Patrick Stöckle, Theresa Wasserer, Bernd Grobauer, Alexander Pretschner

Track

ASE 2022 Industry Showcase

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Tue 11 Oct 2022 11:10 - 11:30 at Banquet A - Technical Session 2 - Debugging and Troubleshooting Chair(s): Andrew Begel

Abstract

To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.

Link to Preprint

https://go.tum.de/050438

Patrick Stöckle

Technical University of Munich (TUM)

Germany

Theresa Wasserer

Technical University of Munich

Bernd Grobauer

Siemens AG

Alexander Pretschner

TU Munich

Germany

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Tue 11 Oct
Displayed time zone: Eastern Time (US & Canada) change

	10:30 - 12:30	Technical Session 2 - Debugging and TroubleshootingResearch Papers / Industry Showcase / Late Breaking Results at Banquet A Chair(s): Andrew Begel Carnegie Mellon University, Software and Societal Systems Department

	10:30 20m Research paper		Call Me Maybe: Using NLP to Automatically Generate Unit Test Cases Respecting Temporal Constraints Research Papers Arianna Blasi Meta; prev. Università della Svizzera italiana, Alessandra Gorla IMDEA Software Institute, Michael D. Ernst University of Washington, Mauro Pezze USI Lugano; Schaffhausen Institute of Technology
	10:50 20m Research paper		CoditT5: Pretraining for Source Code and Natural Language Editing Research Papers Jiyang Zhang University of Texas at Austin, Sheena Panthaplackel UT Austin, Pengyu Nie University of Texas at Austin, Junyi Jessy Li University of Texas at Austin, USA, Milos Gligoric University of Texas at Austin Pre-print
	11:10 20m Industry talk		Automated Identification of Security-Relevant Configuration Settings Using NLP Industry Showcase Patrick Stöckle Technical University of Munich (TUM), Theresa Wasserer Technical University of Munich, Bernd Grobauer Siemens AG, Alexander Pretschner TU Munich Pre-print
	11:30 20m Research paper		Is this Change the Answer to that Problem? Correlating Descriptions of Bug and Code Changes for Evaluating Patch Correctness Research Papers Haoye Tian University of Luxembourg, Xunzhu Tang University of Luxembourg, Andrew Habib SnT, University of Luxembourg, Shangwen Wang National University of Defense Technology, Kui Liu Huawei Software Engineering Application Technology Lab, Xin Xia Huawei Software Engineering Application Technology Lab, Jacques Klein University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg Pre-print
	11:50 10m Paper		A real-world case study for automated ticket team assignment using natural language processing and explainable modelsVirtual Late Breaking Results Lucas Pavelski Sidia R&D Institute, Rodrigo de Souza Braga Sidia R&D Institute