Publication Date
5-2022
Advisor(s) - Committee Chair
Guangming Xing, Director, Michael Galloway, Qi Li
Degree Program
Department of Computer Science
Degree Type
Master of Science
Abstract
Modern software has a smaller attack surface today than in the past. Memory-safe languages, container runtimes, virtual machines, and a mature web stack all contribute to the relative safety of the web and software in general compared to years ago. Despite this, we still see high-profile bugs, hacks, and outages which affect major companies and widely used technologies. The extensive work that has gone into hardening virtualization, containerization, and commonly used applications such as Nginx still depends on the end user configuring them correctly to prevent a compromised machine.
In this paper, I introduce a tool, which I call Canary, that can detect configuration errors and either fix them or at least alert the user to their presence. Canary could be used when setting up a new machine or application as well as in a regular security audit on an existing system. This program could be used to evaluate whether a system is following security best practices and help the administrator resolve simple issues without spending time investigating them. It could also be used in conjunction with new automation tools to create a security step when provisioning cloud infrastructure.
Disciplines
Computer Sciences | Information Security | OS and Networks | Physical Sciences and Mathematics | Software Engineering
Recommended Citation
Wiles, David, "Canary: An Automated Approach to Security Scanning and Remediation" (2022). Masters Theses & Specialist Projects. Paper 3547.
https://digitalcommons.wku.edu/theses/3547