TY - JOUR
T1 - Automatic mapping of configuration options in software using static analysis
AU - Wang, Junyong
AU - Baker, Thar
AU - Zhou, Yingnan
AU - Awad, Ali Ismail
AU - Wang, Bin
AU - Zhu, Yongsheng
N1 - Funding Information:
This work was supported in part by the National Key R&D Program of China under Grant 2020YFB1005604, in part by the National Natural Science Foundation of China under Grant U21A20463, and in part by the Fundamental Research Funds for the Central Universities of China under Grant KKJB320001536.
Publisher Copyright:
© 2022 The Author(s)
PY - 2022/11
Y1 - 2022/11
N2 - Configuration errors are some of the main reasons for software failures. Some configuration options may even negatively impact the software's security, so that if a user sets the options inappropriately, there may be a huge security risk for the software. Recent studies have proposed mapping option read points to configuration options as the first step in alleviating the occurrence of configuration errors. Sadly, most available techniques use humans, and the rest require additional input, like an operation manual. Unfortunately, not all software is standardized and friendly. We propose a technique based on program and static analysis that can automatically map all the configuration options of a program just by reading the source code. Our evaluation shows that this technique achieves 88.6%, 97.7%, 94.6%, 94.8%, and 92.6% success rates with the Hadoop modules Common, Hadoop distributed file system, MapReduce, and YARN, and also PX4, when extracting configuration options. We found 53 configuration options in PX4 that were not documented and submitted these to the developers. Compared with published work, our technique is more effective in mapping options, and it may lay the foundation for subsequent research on software configuration security.
AB - Configuration errors are some of the main reasons for software failures. Some configuration options may even negatively impact the software's security, so that if a user sets the options inappropriately, there may be a huge security risk for the software. Recent studies have proposed mapping option read points to configuration options as the first step in alleviating the occurrence of configuration errors. Sadly, most available techniques use humans, and the rest require additional input, like an operation manual. Unfortunately, not all software is standardized and friendly. We propose a technique based on program and static analysis that can automatically map all the configuration options of a program just by reading the source code. Our evaluation shows that this technique achieves 88.6%, 97.7%, 94.6%, 94.8%, and 92.6% success rates with the Hadoop modules Common, Hadoop distributed file system, MapReduce, and YARN, and also PX4, when extracting configuration options. We found 53 configuration options in PX4 that were not documented and submitted these to the developers. Compared with published work, our technique is more effective in mapping options, and it may lay the foundation for subsequent research on software configuration security.
KW - Configuration error
KW - Configuration option
KW - Option read point
KW - Program analysis
KW - Software security
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85140966613&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85140966613&partnerID=8YFLogxK
U2 - 10.1016/j.jksuci.2022.10.004
DO - 10.1016/j.jksuci.2022.10.004
M3 - Article
AN - SCOPUS:85140966613
SN - 1319-1578
VL - 34
SP - 10044
EP - 10055
JO - Journal of King Saud University - Computer and Information Sciences
JF - Journal of King Saud University - Computer and Information Sciences
IS - 10
ER -