Salman Baset, Sahil Suneja, Nilton Bila, Ozan Tuncer, C. Isci
{"title":"用于应用程序、系统和云的可用声明性配置规范和验证","authors":"Salman Baset, Sahil Suneja, Nilton Bila, Ozan Tuncer, C. Isci","doi":"10.1145/3154448.3154453","DOIUrl":null,"url":null,"abstract":"Diagnosing misconfiguration across modern software stacks is increasingly difficult. These stacks comprise multiple micro-services which are deployed across a combination of containers and hosts (VMs, physical machines) in a cloud or a data center. The existing approaches for detecting misconfiguration, whether rule-based or inference, are highly specialized (e.g., security only), cumbersome to write and maintain, geared towards a host (instead of container images), and can result into false-positives or false-negatives.\n This paper introduces configuration validation language (CVL), a declarative language for writing rules to detect misconfigurations that can, for instance, impact security, performance, functionality. We have built a system, ConfigValidator, which applies the CVL rules across a multitude of environments such as Docker images, running containers, host, and cloud. The system is running in production and has scanned thousands of Docker images and running containers for identifying misconfigurations.","PeriodicalId":262822,"journal":{"name":"International Middleware Conference","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":"{\"title\":\"Usable declarative configuration specification and validation for applications, systems, and cloud\",\"authors\":\"Salman Baset, Sahil Suneja, Nilton Bila, Ozan Tuncer, C. Isci\",\"doi\":\"10.1145/3154448.3154453\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Diagnosing misconfiguration across modern software stacks is increasingly difficult. These stacks comprise multiple micro-services which are deployed across a combination of containers and hosts (VMs, physical machines) in a cloud or a data center. The existing approaches for detecting misconfiguration, whether rule-based or inference, are highly specialized (e.g., security only), cumbersome to write and maintain, geared towards a host (instead of container images), and can result into false-positives or false-negatives.\\n This paper introduces configuration validation language (CVL), a declarative language for writing rules to detect misconfigurations that can, for instance, impact security, performance, functionality. We have built a system, ConfigValidator, which applies the CVL rules across a multitude of environments such as Docker images, running containers, host, and cloud. The system is running in production and has scanned thousands of Docker images and running containers for identifying misconfigurations.\",\"PeriodicalId\":262822,\"journal\":{\"name\":\"International Middleware Conference\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"28\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Middleware Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3154448.3154453\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Middleware Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3154448.3154453","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Usable declarative configuration specification and validation for applications, systems, and cloud
Diagnosing misconfiguration across modern software stacks is increasingly difficult. These stacks comprise multiple micro-services which are deployed across a combination of containers and hosts (VMs, physical machines) in a cloud or a data center. The existing approaches for detecting misconfiguration, whether rule-based or inference, are highly specialized (e.g., security only), cumbersome to write and maintain, geared towards a host (instead of container images), and can result into false-positives or false-negatives.
This paper introduces configuration validation language (CVL), a declarative language for writing rules to detect misconfigurations that can, for instance, impact security, performance, functionality. We have built a system, ConfigValidator, which applies the CVL rules across a multitude of environments such as Docker images, running containers, host, and cloud. The system is running in production and has scanned thousands of Docker images and running containers for identifying misconfigurations.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
