
Project description

Better Safe Than Sorry

This repository is part of the paper Better Safe Than Sorry! Automated Identification of Breaking Security-Configuration Rules accepted at the 4th ACM/IEEE International Conference on Automation of Software Test (AST).

Institutions like the Center for Internet Security publish security-configuration guides (also called benchmarks) that help us configure systems more securely. This configuration hardening can mitigate the risk of successful attacks, which may cause damage to our systems and data. A remaining problem with applying these guides is so-called "breaking rules." Applying a breaking rule to a production system breaks at least one functionality, with the corresponding ramifications. If we identified all breaking rules and removed them from the guide, we could safely apply the remaining rules.

Our new approach combines techniques from software testing, machine learning, and graph theory to automatically identify these breaking rules. This repository includes our Python scripts to

  1. generate the covering arrays from a given security-configuration guide,
  2. test the different covering arrays, and
  3. analyze the results to find the breaking rules.

One can redo all our experiments presented in the article using the code in this repository.
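The three steps above, reduced to a self-contained toy that can be run offline. This is example code added here, not the repository's own scripts: a simple greedy generator stands in for the IPOG/IPOG-D generators the repository uses, a simulated system stands in for the Vagrant test execution, and the rule names R0 to R7 and the "ground truth" of which rules break functionality are constructed for the demonstration. The analysis flags a rule combination as breaking when every tested profile that applies all of its rules failed and no smaller flagged combination already explains that.

```python
"""Toy version of the covering-array workflow this page describes:
generate profiles, apply and test them, then analyse which rules break things.
Example code added for this page; it is not the project's own implementation.
"""
from itertools import combinations, product

# Constructed rule set: stand-ins for hardening rules from a guide (not real CIS rule ids).
RULES = ["R0", "R1", "R2", "R3", "R4", "R5", "R6", "R7"]
# Constructed ground truth for the simulated system: R3 breaks on its own,
# R1 and R5 break only when applied together. The analysis must rediscover this.
BREAKING_TRUTH = [frozenset({"R3"}), frozenset({"R1", "R5"})]


def generate_covering_array(n_factors, strength):
    """Greedy covering array over n binary factors (1 = rule applied, 0 = not).
    Every `strength`-way combination of factor values appears in at least one row."""
    combos = list(combinations(range(n_factors), strength))

    def tuples_of(row):
        return {(cols, tuple(row[c] for c in cols)) for cols in combos}

    uncovered = {(cols, vals) for cols in combos for vals in product((0, 1), repeat=strength)}
    candidates = list(product((0, 1), repeat=n_factors))
    rows = []
    while uncovered:
        # pick the candidate row that covers the most still-uncovered tuples
        best = max(candidates, key=lambda row: len(tuples_of(row) & uncovered))
        rows.append(best)
        uncovered -= tuples_of(best)
    return rows


def is_covering(rows, n_factors, strength):
    """Check the covering property independently of the generator."""
    for cols in combinations(range(n_factors), strength):
        seen = {tuple(row[c] for c in cols) for row in rows}
        if len(seen) != 2 ** strength:
            return False
    return True


def profile_from_row(row, rules=RULES):
    """A profile is the set of rules that a row switches on."""
    return frozenset(r for r, bit in zip(rules, row) if bit)


def simulated_system_works(profile, truth=BREAKING_TRUTH):
    """Stand-in for applying the profile to a VM and running the functionality tests."""
    return not any(combo <= profile for combo in truth)


def find_breaking_combinations(profiles, results, rules=RULES, max_size=2):
    """Flag a rule combination as breaking when every tested profile applying all of
    its rules failed and no smaller flagged combination already explains that."""
    found = []
    for size in range(1, max_size + 1):
        for combo in combinations(rules, size):
            cset = frozenset(combo)
            if any(known <= cset for known in found):
                continue  # already explained by a smaller breaking combination
            applied = [ok for p, ok in zip(profiles, results) if cset <= p]
            if applied and not any(applied):
                found.append(cset)
    return found


def run_pipeline(strength=4, max_size=2):
    """Step 1: profiles from a covering array; step 2: test them; step 3: analyse."""
    rows = generate_covering_array(len(RULES), strength)
    profiles = [profile_from_row(row) for row in rows]
    results = [simulated_system_works(p) for p in profiles]
    return rows, find_breaking_combinations(profiles, results, max_size=max_size)


if __name__ == "__main__":
    rows, breaking = run_pipeline()
    print(f"{len(rows)} profiles instead of {2 ** len(RULES)} exhaustive ones")
    print("breaking combinations:", [sorted(c) for c in breaking])
```

The strength matters for the analysis, not only for the size of the array: a candidate combination is only cleared when some profile applies it with the other breaking rules switched off. With strength 4 each candidate pair appears together with R3 off and one of R1/R5 off, so the toy recovers exactly R3 and the pair R1+R5; with strength 2 or 3 some innocent rules can be co-flagged because they never appear without R3.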

Setup

With PyPI

The easiest way to use the scripts in this repository is to install the package from PyPI:

pip install better-safe-than-sorry
better-safe-than-sorry --version

With Poetry

One can also use Poetry to install the dependencies:

cd /path/to/better-safe-than-sorry/
poetry install
poetry run better-safe-than-sorry --version

Steps

Generate Profiles based on Covering Arrays

See here.

Test Execution

Simulation

See here.

Test Execution with Vagrant

See here.

Test Result Analysis

See here.

Resources

Sfera Automation files

The folder rsc/sfera_automation_jsons contains variants of sfera_automation.json files based on the Windows 10 version 1909 guide by the Center for Internet Security. sfera_automation.json is a JSON-based file format used at Siemens to automatically implement Windows-based security-configuration guides. We generated the variants using the IPOG and IPOG-D algorithms; they include custom profiles for combinatorial testing of strength 2 to 5.

Contact

If you have any questions, please create an issue or contact Patrick Stöckle.

Download files


Source Distribution

better-safe-than-sorry-0.1.2.tar.gz (24.4 kB)

Built Distribution

better_safe_than_sorry-0.1.2-py3-none-any.whl (33.6 kB, Python 3)

File details: better-safe-than-sorry-0.1.2.tar.gz

Algorithm    Hash digest
SHA256       0f88c3fb82df6a04c4f21ef153d7e2257044163ce50876c6edc9a4c716ed8c34
MD5          6ab2e7e395d0648a16f54407807d3ab8
BLAKE2b-256  531513dd65f9277440e1734baf148003fad525e63da74f4074dec71e00dddb18


File details: better_safe_than_sorry-0.1.2-py3-none-any.whl

Algorithm    Hash digest
SHA256       5da54118454b27e7763d52009be56b4651cef033fd81bb0de38d81f32d790293
MD5          e02786f032dabe9470e09bfa3f08547d
BLAKE2b-256  349a9b58c1e0a7283284094f3fa688a1343ff272cad51727afce1ca6758fa4ed
