
Configuration Assessment as a Service

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2012, SETOP 2012)

Abstract

Security of systems is most often compromised by misconfiguration rather than by a lack of security mechanisms. As a result, configuration validation is of utmost importance within organizations. However, security policies, best practices, and documentation of vulnerabilities are usually available only in natural language, so configuration validation is typically a manual and error-prone activity. Initiatives such as the Security Content Automation Protocol foster the automation of configuration validation and the exchange of configuration information by providing a standard language. However, they focus only on single systems and are not flexible with respect to the creation of new security content. This paper proposes a tool for configuration validation as a service that is able to assess checks and checklists defined over the configurations of both generic and specific distributed systems.

This work was partially supported by the FP7-ICT-2009.1.4 Project PoSecCo (no. 257129, www.posecco.eu ).
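The abstract distinguishes per-system checks, as in SCAP content, from checks defined over the configuration of a distributed system as a whole. The following is an added illustration, written for this page and not code from the paper or the PoSecCo project, of what a minimal checklist engine with both kinds of check looks like. The flattened web.xml/server.xml keys, the host names, the thresholds and the sample deployment are all constructed for the example; a missing setting is treated as a failed check, which is an assumption of this example rather than SCAP semantics.

```python
"""Toy checklist evaluator over the configurations of a distributed deployment.

Added illustration only: not the paper's tool and not an SCAP/XCCDF/OVAL
implementation. Keys, hosts and thresholds below are constructed.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Config = Dict[str, Any]          # one host's flattened configuration
Deployment = Dict[str, Config]   # host name -> configuration


@dataclass(frozen=True)
class Check:
    """Per-host check: the predicate returns True when the host complies."""
    id: str
    description: str
    predicate: Callable[[Config], bool]


@dataclass(frozen=True)
class DistributedCheck:
    """Check defined over the whole deployment rather than a single host."""
    id: str
    description: str
    predicate: Callable[[Deployment], bool]


@dataclass(frozen=True)
class Finding:
    host: str        # "*" marks a deployment-wide check
    check_id: str
    passed: bool


def _safe(predicate: Callable[[Any], bool], subject: Any) -> bool:
    """A setting the check needs but the configuration lacks is a failure,
    not a crash (assumption: absent hardening setting == not hardened)."""
    try:
        return bool(predicate(subject))
    except (KeyError, TypeError, ValueError):
        return False


def evaluate(checklist: List[object], deployment: Deployment) -> List[Finding]:
    """Run every check of the checklist; per-host checks fan out over hosts."""
    findings: List[Finding] = []
    for check in checklist:
        if isinstance(check, DistributedCheck):
            findings.append(Finding("*", check.id, _safe(check.predicate, deployment)))
        elif isinstance(check, Check):
            for host, cfg in deployment.items():
                findings.append(Finding(host, check.id, _safe(check.predicate, cfg)))
    return findings


def failures(findings: List[Finding]) -> list:
    """Sorted (host, check_id) pairs that did not pass."""
    return sorted((f.host, f.check_id) for f in findings if not f.passed)


# Constructed checks in the style of servlet-container hardening guidance.
# The key paths are an invented flattening of web.xml / server.xml.
CHECKLIST = [
    Check("session-timeout",
          "web.xml session-timeout must be between 1 and 30 minutes",
          lambda c: 0 < int(c["web.xml/session-config/session-timeout"]) <= 30),
    Check("cookie-http-only",
          "session cookie must carry the HttpOnly flag",
          lambda c: c["web.xml/session-config/cookie-config/http-only"] is True),
    Check("shutdown-port-disabled",
          "server.xml shutdown port must be disabled (-1)",
          lambda c: int(c["server.xml/Server@port"]) == -1),
    DistributedCheck("cluster-consistent-timeout",
          "all nodes serving one application must agree on session-timeout",
          lambda d: len({c["web.xml/session-config/session-timeout"]
                         for c in d.values()}) == 1),
]

# Constructed sample deployment: three nodes serving the same application.
SAMPLE_DEPLOYMENT: Deployment = {
    "web-1": {
        "web.xml/session-config/session-timeout": 30,
        "web.xml/session-config/cookie-config/http-only": True,
        "server.xml/Server@port": -1,
    },
    "web-2": {
        "web.xml/session-config/session-timeout": 120,   # drifted from the others
        "web.xml/session-config/cookie-config/http-only": True,
        "server.xml/Server@port": 8005,                   # default shutdown port still open
    },
    "web-3": {
        "web.xml/session-config/session-timeout": 30,
        "server.xml/Server@port": -1,
        # no cookie-config element at all -> cookie-http-only fails via _safe
    },
}

if __name__ == "__main__":
    for host, check_id in failures(evaluate(CHECKLIST, SAMPLE_DEPLOYMENT)):
        print(f"FAIL {host:6} {check_id}")
```

The distributed check is the part a single-system checklist language cannot express: web-1 and web-3 each pass every per-host check, yet the deployment as a whole fails because web-2's timeout disagrees with theirs.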



© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Casalino, M.M., Plate, H., Ponta, S.E. (2013). Configuration Assessment as a Service. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM/SETOP 2012. Lecture Notes in Computer Science, vol 7731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35890-6_16


  • DOI: https://doi.org/10.1007/978-3-642-35890-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35889-0

  • Online ISBN: 978-3-642-35890-6
