Applications of Configuration Information to Security

  • Dennis Heimbigner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2649)


Securing software systems against malicious attack, corruption, and subversion has been an ongoing research problem. Novel applications of software configuration technology may provide solutions to these problems. Three interesting problems and potentials solutions are presented. The problems are intrusion tolerance, misuse protection, and cyber-forensics. The first two can be addressed using dynamic reconfiguration to modify the behavior of a software system. The last problem can be addressed using configuration information as a comprehensive framework on which to hang a variety of other information necessary for forensic analysis.


False Alarm Intrusion Detection Intrusion Detection System Comprehensive Framework Forensic Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hall, R., Heimbigner, D., Wolf, A.: A Cooperative Approach to Support Software Deployment Using the Software Dock. In: Proc. of the 1999 Int’l Conf. on Software Engineering, ACM (1999) 174–183Google Scholar
  2. 2.
    Heimbigner, D., Krane, S.: A Graph Transform Model for Configuration Management Environments,. In: Proc. of the Third ACM-SIGSOFT Symposium on Software Development Environments, Boston, Mass. (1988) 216–225Google Scholar
  3. 3.
    Rutherford, M., Anderson, K., Carzaniga, A., Heimbigner, D., Wolf, A.: Reconfiguration in the Enterprise JavaBean Component Model. In: Proc. of IFIP/ACM Working Conf. on Component Deployment, Berlin, FRG (2002)Google Scholar
  4. 4.
    van der Hoek, A., Carzaniga, A., Heimbigner, D., Wolf, A.: A Testbed for Configuration Management Policy Programming. IEEE Transactions on Software Engineering 28 (2002) 79–99CrossRefGoogle Scholar
  5. 5.
    van der Hoek, A., Heimbigner, D., Wolf, A.: A Generic, Peer-to-Peer Repository for Distributed Configuration Management. In: Proc. of the 18th Int’l Conf. on Software Engineering, Berlin, FRG, (1996)Google Scholar
  6. 6.
    Hall, R., Heimbigner, D., Wolf, A.: Evaluating Software Deployment Languages and Schema. In: Proc. of the 1998 Int’l Conf. on Software Maintenance, IEEE Computer Society (1998) 177–185Google Scholar
  7. 7.
    Knight, J., Heimbigner, D., Wolf, A., Carzaniga, A., Hill, J., Devanbu, P.: The Willow Survivability Architecture. In: Proc. of the Fourth Information Survivability Workshop, Vancouver, B.C. (2002)Google Scholar
  8. 8.
    Cohen, F.: A Mathematical Structure of Simple Defensive Network Deceptions. Technical report, Fred Cohen and Associates Technical Report (1999)
  9. 9.
    Cohen, F., D. Lambert, Preston, C., Berry, N., Stewart, C., Thomas, E.: A Framework for Deception. Technical report, Fred Cohen and Associates Technical Report (2001)
  10. 10.
    Farmer, D., Venema, W.: Coroner’s Toolkit Web Page. (1999)
  11. 11.
    van der Hoek, A.: Configurable Software Architecture in Support of Configuration Management and Software Deployment. In: Proc. of the ICSE99 Doctoral Workshop, Los Angeles, California (1999)Google Scholar
  12. 12.
    Ko, C., Brutch, P., Rowe, J., Tsafnat, G., Levitt, K.: System Health and Intrusion Monitoring Using a Hierarchy of Constraints. In: Proc. Recent Advances in Intrusion Detection. (2001) 190–203Google Scholar
  13. 13.
    Anderson, K., Sherba, S., Lepthien, W.: Towards Large-Scale Information Integration. In: Proc. of the 24th Int’l Conf. on Software Engineering, Orlando, Florida (2002) 524–535Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Dennis Heimbigner
    • 1
  1. 1.Computer Science DepartmentUniversity of ColoradoBoulderUSA

Personalised recommendations