We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR
< prev | next >
new | recent | 2209

Change to browse by:

cs
cs.SE

References & Citations

DBLP - CS Bibliography

listing | bibtex

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo

Computer Science > Cryptography and Security

Title: Automated Identification of Security-Relevant Configuration Settings Using NLP

Authors: Patrick Stöckle, Theresa Wasserer, Bernd Grobauer, Alexander Pretschner
(Submitted on 19 Sep 2022)
Abstract: To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
Comments: Peer-reviewed version accepted for publication in the Industry Showcase track at the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22), October 10--14, 2022, Rochester, MI, USA
Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE)
Journal reference: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22), October 10--14, 2022, Rochester, MI, USA
DOI: 10.1145/3551349.3559499
Cite as: arXiv:2209.08853 [cs.CR]
  (or arXiv:2209.08853v1 [cs.CR] for this version)

Submission history

From: Patrick Stöckle [view email]
[v1] Mon, 19 Sep 2022 08:55:05 GMT (174kb,D)
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)

Link back to: arXiv, form interface, contact.