TY - GEN
T1 - Do not blame users for misconfigurations
AU - Xu, Tianyin
AU - Zhang, Jiaqi
AU - Huang, Peng
AU - Zheng, Jing
AU - Sheng, Tianwei
AU - Yuan, Ding
AU - Zhou, Yuanyuan
AU - Pasupathy, Shankar
PY - 2013
Y1 - 2013
N2 - Similar to software bugs, configuration errors are also one of the major causes of today's system failures. Many configuration issues manifest themselves in ways similar to software bugs such as crashes, hangs, silent failures. It leaves users clueless and forced to report to developers for technical support, wasting not only users' but also developers' precious time and effort. Unfortunately, unlike software bugs, many software developers take a much less active, responsible role in handling configuration errors because "they are users' faults." This paper advocates the importance for software developers to take an active role in handling misconfigurations. It also makes a concrete first step towards this goal by providing tooling support to help developers improve their configuration design, and harden their systems against configuration errors. Specifically, we build a tool, called Spex, to automatically infer configuration requirements (referred to as constraints) from software source code, and then use the inferred constraints to: (1) expose misconfiguration vulnerabilities (i.e., bad system reactions to configuration errors such as crashes, hangs, silent failures); and (2) detect certain types of error-prone configuration design and handling. We evaluate Spex with one commercial storage system and six open-source server applications. Spex automatically infers a total of 3800 constraints for more than 2500 configuration parameters. Based on these constraints, Spex further detects 743 various misconfiguration vulnerabilities and at least 112 error-prone constraints in the latest versions of the evaluated systems. To this day, 364 vulnerabilities and 80 inconsistent constraints have been confirmed or fixed by developers after we reported them. Our results have influenced the Squid Web proxy project to improve its configuration parsing library towards a more user-friendly design.
KW - constraint
KW - inference
KW - misconfiguration
KW - testing
KW - vulnerability
UR - http://www.scopus.com/inward/record.url?scp=84889664388&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84889664388&partnerID=8YFLogxK
U2 - 10.1145/2517349.2522727
DO - 10.1145/2517349.2522727
M3 - Conference contribution
AN - SCOPUS:84889664388
SN - 9781450323888
T3 - SOSP 2013 - Proceedings of the 24th ACM Symposium on Operating Systems Principles
SP - 244
EP - 259
BT - SOSP 2013 - Proceedings of the 24th ACM Symposium on Operating Systems Principles
T2 - 24th ACM Symposium on Operating Systems Principles, SOSP 2013
Y2 - 3 November 2013 through 6 November 2013
ER -