Activities per year
Infrastructure as Code (IaC) is a vital part of modern DevOps workflows, and the security of deployed infrastructures is of the upmost importance. In this presentation, we will highlight the importance of taking into account IaC script behaviour when detecting security smells. Specifically, we present gasel, a security smell detector based on program dependence graphs, which takes into account the control and data flow of Ansible IaC scripts. gasel supports 7 distinct security weaknesses, such as hardcoded passwords and missing integrity checks. Using an oracle of 243 real-world weaknesses, we show that gasel outperforms the state-of-the-art detectors. Moreover, we perform an empirical study on more than 15.000 Ansible scripts to show that the inclusion of control and data flow information is vital to detect security smells in real-world code.
|Number of pages||2|
|Publication status||Unpublished - 27 Nov 2023|
|Event||22nd Belgium-Netherlands Software Evolution Workshop - Nijmegen, Netherlands|
Duration: 27 Nov 2023 → 28 Nov 2023
Conference number: 22
|Workshop||22nd Belgium-Netherlands Software Evolution Workshop|
|Abbreviated title||BENEVOL 2023|
|Period||27/11/23 → 28/11/23|
FingerprintDive into the research topics of 'Behaviour-aware Security Smell Detection for Infrastructure as Code'. Together they form a unique fingerprint.
- 1 Talk or presentation at a workshop/seminar
Ruben Opdebeeck (Speaker)27 Nov 2023
Activity: Talk or presentation › Talk or presentation at a workshop/seminarFile