Automatic mapping of configuration options in software using static analysis

Junyong Wang, Thar Baker, Yingnan Zhou, Ali Ismail Awad, Bin Wang, Yongsheng Zhu

Research output: Contribution to journal › Article › peer-review

Abstract

Configuration errors are some of the main reasons for software failures. Some configuration options may even negatively impact the software's security, so that if a user sets the options inappropriately, there may be a huge security risk for the software. Recent studies have proposed mapping option read points to configuration options as the first step in alleviating the occurrence of configuration errors. Sadly, most available techniques use humans, and the rest require additional input, like an operation manual. Unfortunately, not all software is standardized and friendly. We propose a technique based on program and static analysis that can automatically map all the configuration options of a program just by reading the source code. Our evaluation shows that this technique achieves 88.6%, 97.7%, 94.6%, 94.8%, and 92.6% success rates with the Hadoop modules Common, Hadoop distributed file system, MapReduce, and YARN, and also PX4, when extracting configuration options. We found 53 configuration options in PX4 that were not documented and submitted these to the developers. Compared with published work, our technique is more effective in mapping options, and it may lay the foundation for subsequent research on software configuration security.

Original language: English
Pages (from-to): 10044-10055
Number of pages: 12
Journal: Journal of King Saud University - Computer and Information Sciences
Volume: 34
Issue number: 10
Publication status: Published - Nov 2022

Keywords

  • Configuration error
  • Configuration option
  • Option read point
  • Program analysis
  • Software security
  • Static analysis

ASJC Scopus subject areas

  • General Computer Science
