Litcius/Paper detail

GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code

Nuno Saavedra, João F. Ferreira

202228 citationsDOIOpen Access PDF

Abstract

Infrastructure as Code (IaC) is the process of managing IT infrastructure via programmable configuration files (also called IaC scripts). Like other software artifacts, IaC scripts may contain security smells, which are coding patterns that can result in security weaknesses. Automated analysis tools to detect security smells in IaC scripts exist, but they focus on specific technologies such as Puppet, Ansible, or Chef. This means that when the detection of a new smell is implemented in one of the tools, it is not immediately available for the technologies supported by the other tools — the only option is to duplicate the effort.

Topics & Concepts

Computer scienceScripting languagePolyglotSoftware security assuranceFocus (optics)Secure codingSoftwareGlitchComputer securitySoftware engineeringDatabaseProgramming languageInformation securitySecurity serviceTelecommunicationsPhysicsDetectorOpticsSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware Reliability and Analysis Research
GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code | Litcius