Advisor(s) - Committee Chair
Guangming Xing, Director, Michael Galloway, Qi Li
Department of Computer Science
Master of Science
Modern software has a smaller attack surface today than in the past. Memory-safe languages, container runtimes, virtual machines, and a mature web stack all contribute to the relative safety of the web and software in general compared to years ago. Despite this, we still see high-profile bugs, hacks, and outages which affect major companies and widely-used technologies. The extensive work that has gone into hardening virtualization, containerization, and commonly used applications such as Nginx still depends on the end-user to configure correctly to prevent a compromised machine.
In this paper, I introduce a tool, which I call Canary, which can detect configuration errors as well as fix them or at least alert the user of their presence. Canary could be used when setting up a new machine or application as well as in a regular security audit on an existing system. This program could be used to evaluate whether a system is following security best practices and help the administrator resolve simple issues without spending time investigating them. It could also be used in conjunction with new automation tools to create a security step when provisioning cloud infrastructure.
Computer Sciences | Information Security | OS and Networks | Physical Sciences and Mathematics | Software Engineering
Wiles, David, "Canary: An Automated Approach to Security Scanning and Remediation" (2022). Masters Theses & Specialist Projects. Paper 3547.