Activities per year
Abstract
Infrastructure as Code (IaC) is a vital part of modern DevOps workflows, and the security of deployed infrastructures is of the upmost importance. In this presentation, we will highlight the importance of taking into account IaC script behaviour when detecting security smells. Specifically, we present gasel, a security smell detector based on program dependence graphs, which takes into account the control and data flow of Ansible IaC scripts. gasel supports 7 distinct security weaknesses, such as hardcoded passwords and missing integrity checks. Using an oracle of 243 real-world weaknesses, we show that gasel outperforms the state-of-the-art detectors. Moreover, we perform an empirical study on more than 15.000 Ansible scripts to show that the inclusion of control and data flow information is vital to detect security smells in real-world code.
Original language | English |
---|---|
Number of pages | 2 |
Publication status | Unpublished - 27 Nov 2023 |
Event | 22nd Belgium-Netherlands Software Evolution Workshop - Nijmegen, Netherlands Duration: 27 Nov 2023 → 28 Nov 2023 Conference number: 22 https://benevol2023.github.io/ |
Workshop
Workshop | 22nd Belgium-Netherlands Software Evolution Workshop |
---|---|
Abbreviated title | BENEVOL 2023 |
Country/Territory | Netherlands |
City | Nijmegen |
Period | 27/11/23 → 28/11/23 |
Internet address |
Fingerprint
Dive into the research topics of 'Behaviour-aware Security Smell Detection for Infrastructure as Code'. Together they form a unique fingerprint.Activities
- 1 Talk or presentation at a workshop/seminar
-
Behaviour-aware Security Smell Detection for Infrastructure as Code
Ruben Opdebeeck (Speaker)
27 Nov 2023Activity: Talk or presentation › Talk or presentation at a workshop/seminar
File