The management of the emerging data centers involves substantial complexity due to numerous resources that must be properly configured at all levels from individual devices to entire systems and services. The complexity of configuration management leads to numerous opportunities for misconfigurations and attacks. It has been estimated that misconfigurations are responsible for 62% of downtime and 65% of security exploits in current computer systems. These, already high percentages, are expected to continue increasing due to current trends of extensive virtualization, architectural heterogeneity, and increasing size.
This project attempts to devise quality metrics to characterize the vulnerability of the given configuration to bad parameter values (set accidentally or by a malicious entity). The quality metrics are also expected to provide guidance for evaluating alternatives to proposed or required configuration changes. The main challenge in characterizing configuration quality is that in practice specifications of correct configuration are not available and the viability of the configuration must be determined by analyzing the application behavior. The key issue to consider in devising the quality metrics relates to the configuration management structure and the direct/indirect dependencies that it implies. The project will examine methods ranging from discovering the configuration structure to flow analysis of the source code along with methods to correlate the discovered information. In many cases, the dependencies are not definitive and hence the quality metrics need to consider fuzzy values and their composition. The project will evaluate the usefulness of the metrics in the context of current open-source software such as Apache web server.
Reducing misconfigurations and detecting them quickly is expected to have a substantial impact on computing systems with respect to their availability, functional correctness, usability, and resistance against hacker attacks. The metrics explored in this project are expected to provide important insights into improving the configuration of systems at various stages including design, deployment, and dynamic reconfiguration.
