nach oben

Automated Software Engineering

Erschienen in:

01.05.2024

Test-suite-guided discovery of least privilege for cloud infrastructure as code

verfasst von: Ryo Shimizu, Yuna Nunomura, Hideyuki Kanuka

Erschienen in: Automated Software Engineering | Ausgabe 1/2024

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Infrastructure as code (IaC) for the cloud, which automatically configures a system’s cloud environment from source code, is an important practice thanks to its efficient, reproducible provisioning. On a cloud IaC definition (template), developers must carefully manage permission settings to minimize the risk of cyber-attacks. To this end, least privilege on IaC templates, i.e., the assignment of a necessary and sufficient set of permissions, is widely regarded as a best practice. However, the discovery of least privilege can be an error-prone, burdensome task for developers. This is partially because the execution of an action on the cloud sometimes implicitly requires permissions of other services, and since these are difficult to recognize without actual execution, developers are forced to manually iterate the execution of an action and the modification of permissions. In this work, we present an approach to automatically discover least privilege. Our approach utilizes a test suite, which represents what a system should achieve on the cloud, as an indicator of least privilege, and it iterates testing on the cloud and (re)configuration of permissions on the basis of the test results. We also propose a stepwise filtering technique that utilizes the co-occurrences of cloud services/actions and clustering-based pruning to efficiently rule out unnecessary permissions. Our experiments demonstrate that this filtering reduces the number of iterations compared to naive approaches, which directly affects the time and cost to discover least privilege. Moreover, three case studies show that our approach can identify least privilege on Amazon Web Services within a practical time.

Vorheriger Artikel DL4SC: a novel deep learning-based vulnerability detection framework for smart contracts

Nächster Artikel Future of software development with generative AI

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

http://github.com/.

https://github.com/aws-samples/aws-serverless-ecommerce-platform.

Amazon Web Services, Inc. Actions, resources, and condition keys for AWS services. https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html. Accessed 1 Feb 2022 (2022a)

Amazon Web Services, Inc. AWS cloudformation. https://aws.amazon.com/cloudformation/. Accessed 18 Nov 2022 (2022b)

Amazon Web Services, Inc. AWS serverless application model. https://aws.amazon.com/serverless/sam/. Accessed 1 Feb 2022 (2022c)

Amazon Web Services, Inc. IAM best practices—AWS identity and access management. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html. Accessed 18 Nov 2022 (2022d)

Amazon Web Services, Inc. Using AWS IAM access analyzer—AWS identity and access management. https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html. Accessed 18 Nov 2022 (2022e)

Artac, M., Borovssak, T., Di Nitto, E., et al.: Devops: introducing infrastructure-as-code. In: Proceedings of the 39th IEEE/ACM International Conference on Software Engineering Companion (2017). https://doi.org/10.1109/ICSE-C.2017.162

Backes, J., Bolignano, P., Cook, B., et al.: Semantic-based automated reasoning for AWS access policies using SMT. In: Proceedings of the International Conference on Formal Methods in Computer Aided Design, FMCAD 2018 (2018). https://doi.org/10.23919/FMCAD.2018.8602994

Binz, T., Breitenbücher, U., Kopp, O., et al.: TOSCA: Portable Automated Deployment and Management of Cloud Applications, pp. 527–549. Springer, New York (2014)

Burgess, M., College, O.: Cfengine: a site configuration engine. In: USENIX Computing Systems (1995)

Buyens, K., Scandariato, R., Joosen, W.: Least privilege analysis in software architectures. Softw. Syst. Model. 12(2), 331–348 (2013). https://doi.org/10.1007/s10270-011-0218-8CrossRef

Cauli, C., Li, M., Piterman, N., et al.: Pre-deployment security assessment for cloud services through semantic reasoning. In: Proceedings of the 33rd International Conference on Computer Aided Verification, CAV 2021 (2021). https://doi.org/10.1007/978-3-030-81685-8_36

Chari, S.N., Cheng, P.C.: Bluebox: a policy-driven, host-based intrusion detection system. ACM Trans. Inf. Syst. Secur. 6(2), 173–200 (2003). https://doi.org/10.1145/762476.762477CrossRef

Chen, H., Dou, W., Wang, D., et al.: Cofi: consistency-guided fault injection for cloud systems. In: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020 (2020). https://doi.org/10.1145/3324884.3416548

Dai, T., Karve, A., Koper, G., et al.: Automatically detecting risky scripts in infrastructure code. In: Proceedings of the 11th ACM Symposium on Cloud Computing, SoCC 2020 (2020). https://doi.org/10.1145/3419111.3421303

DeMarinis, N., Williams-King, K., Jin, D., et al.: sysfilter: automated system call filtering for commodity software. In: Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2020 (2020). https://www.usenix.org/conference/raid2020/presentation/demarinis

Denning, P.J.: Fault tolerant operating systems. ACM Comput. Surv. 8(4), 359–389 (1976). https://doi.org/10.1145/356678.356680CrossRef

Felt, A.P., Chin, E., Hanna, S., et al.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011 (2011). https://doi.org/10.1145/2046707.2046779

Gazzola, L., Micucci, D., Mariani, L.: Automatic software repair: a survey. IEEE Trans. Softw. Eng. 45(1), 34–67 (2019). https://doi.org/10.1109/TSE.2017.2755013CrossRef

Geneiatakis, D., Fovino, I.N., Kounelis, I., et al.: A permission verification approach for android mobile applications. Comput. Secur. 49, 192–205 (2015). https://doi.org/10.1016/j.cose.2014.10.005CrossRef

Gill, P., Dietl, W., Tripunitara, M.V.: Least-privilege calls to amazon web services. IEEE Trans. Dependable Secure Comput. 20(3), 2085–2096 (2023). https://doi.org/10.1109/TDSC.2022.3171740CrossRef

Google Cloud. Deployment manager fundamentals. https://cloud.google.com/deployment-manager/docs/fundamentals. Accessed 18 Nov2022 (2022)

Guerriero, M., Garriga, M., Tamburri, D.A., et al.: Adoption, support, and challenges of infrastructure-as-code: insights from industry. In: Proceedings of the 35th IEEE International Conference on Software Maintenance and Evolution, ICSME 2019 (2019). https://doi.org/10.1109/ICSME.2019.00092

Hanappi, O., Hummer, W., Dustdar, S.: Asserting reliable convergence for configuration management scripts. In: Proceedings of the ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2016 (2016). https://doi.org/10.1145/2983990.2984000

HashiCorp T. Terraform by hashicorp. https://www.terraform.io/. Accessed 1 Feb 2022 (2022)

Herbold, S.: Autorank: a python package for automated ranking of classifiers. J. Open Source Softw. 5(48), 2173 (2020). https://doi.org/10.21105/joss.02173CrossRef

Hummer, W., Rosenberg, F., Oliveira, F., et al.: Testing idempotence for infrastructure as code. In: Proceedings of the ACM/IFIP/USENIX 14th International Middleware Conference, Middleware 2013 (2013). https://doi.org/10.1007/978-3-642-45065-5_19

Ikeshita, K., Ishikawa, F., Honiden, S.: Test suite reduction in idempotence testing of infrastructure as code. In: Proceedings of the 11th International Conference on Tests and Proofs, TAP 2017 (2017). https://doi.org/10.1007/978-3-319-61467-0_6

Kanies, L.: Puppet: next-generation configuration management. Unisex Mag. 31(1), 19–25 (2006)

Kubernetes. Kubernetes. https://kubernetes.io/. Accessed 18 Nov 2022 (2022)

Le Goues, C., Nguyen, T., Forrest, S., et al.: Genprog: a generic method for automatic software repair. IEEE Trans. Softw. Eng. 38(1), 54–72 (2012). https://doi.org/10.1109/TSE.2011.104CrossRef

Liu, Z., Xia, X., Lo, D., et al.: Automatic, highly accurate app permission recommendation. Autom. Softw. Eng. 26(2), 241–274 (2019). https://doi.org/10.1007/s10515-019-00254-6CrossRef

Microsoft. Azure identity management and access control security best practices. https://docs.microsoft.com/azure/security/fundamentals/identity-management-best-practices. Accessed 18 Nov2022 (2022a)

Microsoft. What are arm templates?. https://learn.microsoft.com/azure/azure-resource-manager/templates/overview. Accessed 18 Nov 2022 (2022b)

Morris, K.: Infrastructure as Code, 2nd edn. O’Reilly Media, Sebastopol (2020)

Murtagh, F.: A survey of recent advances in hierarchical clustering algorithms. Comput. J. 26(4), 354–359 (1983). https://doi.org/10.1093/comjnl/26.4.354CrossRef

Nelson-Smith, S.: Test-Driven Infrastructure with Chef, 2nd edn. O’Reilly Media Inc., Sebastopol (2013)

OASIS Standard. Topology and orchestration specification for cloud applications version 1.0 (2013)

O’Hearn, P.W.: Continuous reasoning: scaling the impact of formal methods. In: Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2018 (2018). https://doi.org/10.1145/3209108.3209109

OWASP Foundation. Server side request forgery. https://owasp.org/www-community/attacks/Server_Side_Request_Forgery. Accessed 18 Nov 2022 (2022)

Rahman, A., Mahdavi-Hezaveh, R., Williams, L.: A systematic mapping study of infrastructure as code research. Inf. Softw. Technol. 108, 65–77 (2019a). https://doi.org/10.1016/j.infsof.2018.12.004

Rahman, A., Parnin, C., Williams, L.: The seven sins: security smells in infrastructure as code scripts. In: Proceedings of the 41st International Conference on Software Engineering, ICSE 2019 (2019b). https://doi.org/10.1109/ICSE.2019.00033

Rahman, A., Rahman, M.R., Parnin, C., et al.: Security smells in ansible and chef scripts: a replication study. ACM Trans. Softw. Eng. Methodol. 30(1), 1–31 (2021). https://doi.org/10.1145/3408897CrossRef

Red Hat, Inc. Ansible is simple it automation. https://www.ansible.com/. Accessed 18 Nov 2022 (2022)

Saavedra, N., Ferreira, J.F.: Glitch: automated polyglot security smell detection in infrastructure as code. In: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022 (2022)

Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proc. IEEE 63(9), 1278–1308 (1975). https://doi.org/10.1109/PROC.1975.9939CrossRef

Sandobalin, J., Insfran, E., Abrahao, S.: An infrastructure modelling tool for cloud provisioning. In: Proceedings of the 14th IEEE International Conference on Services Computing, SCC 2017 (2017). https://doi.org/10.1109/SCC.2017.52

Sandobalín, J., Insfran, E., Abrahão, S.: On the effectiveness of tools to support infrastructure as code: model-driven versus code-centric. IEEE Access 8, 17734–17761 (2020)CrossRef

Sharath, A.V.: Aws security flaw which can grant admin access!. https://medium.com/ymedialabs-innovation/an-aws-managed-policy-that-allowed-granting-root-admin-access-to-any-role-51b409ea7ff0. Accessed 18 Nov 2022 (2018)

Shimizu, R., Kanuka, H.: Test-based least privilege discovery on cloud infrastructure as code. In: Proceedings of the 12th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2020 (2020). https://doi.org/10.1109/CloudCom49646.2020.00007

Sotiropoulos, T., Mitropoulos, D., Spinellis, D.: Practical fault detection in puppet programs. In: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, ICSE 2020 (2020). https://doi.org/10.1145/3377811.3380384

Strandberg, P.E., Sundmark, D., Afzal, W., et al.: Experience report: automated system level regression test prioritization using multiple factors. In: Proceedings of the IEEE 27th International Symposium on Software Reliability Engineering, ISSRE 2016 (2016). https://doi.org/10.1109/ISSRE.2016.23

Thoughtworks, Inc. Infrastructure as code | technology radar | thoughtworks. https://www.thoughtworks.com/radar/techniques/infrastructure-as-code. Accessed 18 Nov 2022 (2020)

Wang, S., Pei, K., Whitehouse, J., et al.: Formal security analysis of neural networks using symbolic intervals. In: Proceedings of the 27th USENIX Conference on Security Symposium, SEC 2018 (2018). https://www.usenix.org/conference/usenixsecurity18/presentation/wang-shiqi

Wang, X., Yadav, A.: Exploring the machine learning models behind cloud IAM recommender. https://cloud.google.com/blog/products/identity-security/exploring-the-machine-learning-models-behind-cloud-iam-recommender. Accessed 18 Nov 2022 (2019)

Ward, J.H.: Hierarchical grouping to optimize an objective function. J. Am. Stat. Assoc. 58(301), 236–244 (1963). https://doi.org/10.1080/01621459.1963.10500845MathSciNetCrossRef

Weiss, A., Guha, A., Brun, Y.: Tortoise: interactive system configuration repair. In: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017 (2017). https://doi.org/10.1109/ASE.2017.8115673

Wettinger, J., Binz, T., Breitenbücher, U., et al.: Unified invocation of scripts and services for provisioning, deployment, and management of cloud applications based on TOSCA. In: Proceedings of the 4th International Conference on Cloud Computing and Services Science, CLOSER 2014 (2014). https://doi.org/10.5220/0004859005590568

Wetzlmaier, T., Ramler, R., Putschögl, W.: A framework for monkey GUI testing. In: Proceedings of the IEEE International Conference on Software Testing, Verification and Validation, ICST 2016 (2016). https://doi.org/10.1109/ICST.2016.51

Wurster, M., Breitenbücher, U., Falkenthal, M., et al.: The essential deployment metamodel: a systematic review of deployment automation technologies. SICS Softw. Intens. Cyber Phys. Syst. 35(1), 63–75 (2020). https://doi.org/10.1007/s00450-019-00412-xCrossRef

Yu, L., Luo, X., Chen, J., et al.: Ppchecker: towards accessing the trustworthiness of android apps’ privacy policies. IEEE Trans. Softw. Eng. 47(2), 221–242 (2021). https://doi.org/10.1109/TSE.2018.2886875CrossRef

Zhai, G., Zeng, J., Ma, M., et al.: Implementation and automatic testing for security enhancement of linux based on least privilege. In: Proceedings of the 2008 International Conference on Information Security and Assurance, ISA 2008 (2008). https://doi.org/10.1109/ISA.2008.61

Zhang, M., Arcuri, A., Li, Y., et al.: White-box fuzzing RPC-based APIs with EvoMaster: an industrial case study. ACM Trans. Softw. Eng. Methodol. (2023). https://doi.org/10.1145/3585009CrossRef

Zhou, H., Wang, H., Wu, S., et al.: Finding the missing piece: permission specification analysis for android NDK. In: Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 (2021). https://doi.org/10.1109/ASE51524.2021.9678843

Titel: Test-suite-guided discovery of least privilege for cloud infrastructure as code
verfasst von: Ryo Shimizu
Yuna Nunomura
Hideyuki Kanuka
Publikationsdatum: 01.05.2024
Verlag: Springer US
Erschienen in: Automated Software Engineering / Ausgabe 1/2024
Print ISSN: 0928-8910
Elektronische ISSN: 1573-7535
DOI: https://doi.org/10.1007/s10515-024-00420-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2024

Sound analysis and migration of data from Ethereum smart contracts

Software defect prediction: future directions and challenges

Automatic recognizing relevant fragments of APIs using API references

Enhancing embedded systems development with TS

Leveraging privacy profiles to empower users in the digital society

WalletRadar: towards automating the detection of vulnerabilities in browser-based cryptocurrency wallets

Premium Partner