Pandu Ranga Reddy Konala, Vimal Kumar, D. Bainbridge
Published in: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), 2023-07-31
DOI: 10.1109/CSR57506.2023.10224925 (https://doi.org/10.1109/CSR57506.2023.10224925)
SoK: Static Configuration Analysis in Infrastructure as Code Scripts
This SoK paper presents findings from a survey conducted on the current state of tools and techniques used in the static configuration analysis of Infrastructure as Code (IaC). Our findings highlight the increasing importance of ensuring the quality of IaC scripts through techniques such as detecting code and security smells. Our findings reveal that regular expressions are widely used, but this may not be a long-term or fully automated solution for detecting smells. Additionally, our study found that the majority of the tools and techniques are developed for infrastructure provisioning, rather than configuration management and image building. This raises concerns because configuring software is a high-risk task, with malicious actors constantly targeting software systems. Therefore, it is crucial for researchers to develop efficient and advanced techniques for detecting defects in configuration management and image building. The aim of this paper is to provide a detailed overview of the current state of research in this field, and to identify areas for future development.