SoK: Static Configuration Analysis in Infrastructure as Code Scripts

2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI:10.1109/CSR57506.2023.10224925

Pandu Ranga Reddy Konala, Vimal Kumar, D. Bainbridge

{"title":"SoK: Static Configuration Analysis in Infrastructure as Code Scripts","authors":"Pandu Ranga Reddy Konala, Vimal Kumar, D. Bainbridge","doi":"10.1109/CSR57506.2023.10224925","DOIUrl":null,"url":null,"abstract":"This SoK paper presents findings from a survey conducted on the current state of tools and techniques used in the static configuration analysis of Infrastructure as Code (IaC). Our findings highlight the increasing importance of ensuring the quality of IaC scripts through techniques such as detecting code and security smells. Our findings reveal that regular expressions are widely used, but this may not be a long-term or fully automated solution for detecting smells. Additionally, our study found that the majority of the tools and techniques are developed for infrastructure provisioning, rather than configuration management and image building. This raises concerns because configuring software is a high-risk task, with malicious actors constantly targeting software systems. Therefore, it is crucial for researchers to develop efficient and advanced techniques for detecting defects in configuration management and image building. The aim of this paper is to provide a detailed overview of the current state of research in this field, and to identify areas for future development.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"70 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSR57506.2023.10224925","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

This SoK paper presents findings from a survey conducted on the current state of tools and techniques used in the static configuration analysis of Infrastructure as Code (IaC). Our findings highlight the increasing importance of ensuring the quality of IaC scripts through techniques such as detecting code and security smells. Our findings reveal that regular expressions are widely used, but this may not be a long-term or fully automated solution for detecting smells. Additionally, our study found that the majority of the tools and techniques are developed for infrastructure provisioning, rather than configuration management and image building. This raises concerns because configuring software is a high-risk task, with malicious actors constantly targeting software systems. Therefore, it is crucial for researchers to develop efficient and advanced techniques for detecting defects in configuration management and image building. The aim of this paper is to provide a detailed overview of the current state of research in this field, and to identify areas for future development.

查看原文本刊更多论文

作为代码脚本的基础架构中的静态配置分析

这篇SoK论文展示了对基础设施即代码(IaC)的静态配置分析中使用的工具和技术的当前状态进行的调查的结果。我们的发现强调了通过检测代码和安全气味等技术来确保IaC脚本质量的重要性。我们的研究结果表明，正则表达式被广泛使用，但这可能不是一个长期的或完全自动化的解决方案来检测气味。此外，我们的研究发现，大多数工具和技术是为基础设施供应而开发的，而不是配置管理和映像构建。这引起了人们的关注，因为配置软件是一项高风险任务，恶意行为者经常以软件系统为目标。因此，对于研究人员来说，开发有效和先进的技术来检测配置管理和映像构建中的缺陷是至关重要的。本文的目的是对该领域的研究现状提供一个详细的概述，并确定未来发展的领域。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

自引率

0.00%

发文量