New publication at ASE 2020: Automated Implementation of Windows-related Security-Configuration Guides


Title: Automated Implementation of Windows-related Security-Configuration Guides
Authors: Patrick Stöckle, Dr. Bernd Grobauer, and Prof. Dr. Alexander Pretschner
Conference: IEEE/ACM Automated Software Engineering (ASE)

Security-configuration guides describe how we should configure our system, e.g., Windows 10, to make it more secure. The problem is that administrators have to implement them manually based on the instruction texts. In this work, we present an approach that uses natural language processing to implement Windows-related security-configuration guides automatically. Furthermore, we demonstrate that our proof of concept implements 83% of a guide’s rules with no manual effort and 97% of over 2000 rules correctly. Conclusively, we hope that our work will lead to fewer incidents related to insecure configured systems.

Read the publication here: doi.org/10.1145/3324884.3416540 (Available as of the end of October)

A recording of the presentation will also be available as of the end of October.