Download now Free registration required
The specifications of an application's security configuration are crucial for understanding its security policies, which can be very helpful in security-related contexts such as misconfiguration detection. Such specifications, however, are often ill-documented, or even close because of the increasing use of graphic user interfaces to set program options. In this paper, the authors propose ConfigRE, a new technique for automatic reverse engineering of an application's access-control configurations. Their approach first partitions a configuration input into fields, and then identifies the semantic relations among these fields and the roles they play in enforcing an access control policy.
- Format: PDF
- Size: 279.3 KB