MAster assignment
Characterizing TLS misconfigurations in IaC files through NLP and ML techniques
Type: Master CS or Master BIT
Period: Start date: as soon as possible
Student: Unassigned
If you are interested please contact:
Objective:
The adoption of Infrastructure as Code (IaC) offers benefits in the management of cloud infrastructure such as faster provisioning and ease of replication. However, this introduces new security vulnerabilities in the configuration files, under the form of so-called “security smells”. Concrete examples include hardcoded credentials and weak cryptographic algorithms. The goal of this thesis is to extend GUARD, an ML-based detection tool for security smells in Ansible IaC files, by considering weak configurations of the TLS protocol in a network infrastructure. Broadly, the research question would unfold in two main steps: 1) using NLP techniques to understand whether configuration files are actually setting up TLS, by focusing on the task names and other features thereof; 2) Employ ML classification methods to identify potential misconfigurations in the TLS setup.