There is a newer version of the record available.

Published November 22, 2022 | Version v1.0.1-alpha
Software Open

Mode Switching Framework with Web Server Case Study

  • 1. Johannes Kepler University Linz

Description

In order to detect relevant reported security vulnerabilities and, in turn, to react appropriately, automation support is needed to reduce the manual effort required for these tasks. Our model-driven framework can be used for developing and managing multi-modal architectures, modes, and mode switches. If a vulnerability is detected, modes are switched automatically to overcome and reduce the risk until software vendors provide patches and system administrators install them.

To demonstrate the feasibility and potential benefits of our approach, described in the paper "A Model-based Mode-Switching-Framework based on Security Vulnerability Scores", we performed a case study on web server security. We analyzed a time span of two years, from Feb. 2019 to Feb. 2021. We created a system configuration with commonly used components: the Linux distribution Debian 10 (Buster) and two different implementations of popular web servers in their most recent versions at that time: Apache2 (v2.4.38) and nginx (v1.14.2). Additionally, PHP (version 7.3) and the FastCGI Process Manager (PHP-FPM) run on the web server to serve dynamic web content. Both web servers were selected because they provide similar functionality and work together with PHP. The web content was saved to the common /var/www directory, such that both web servers have access to it. The combination of a web server and a PHP interpreter is used by many common content management systems (CMSs) such as WordPress, Joomla or TYPO3. Typically, an instance of a CMS uses only a single (type of) web server. We investigate how mode switching can improve security and protect the system from reported vulnerabilities by applying our Mode Domain Specific Language (MDSL) and the accompanying mode switching framework.

Features

  • Define modes with our Mode Domain Specific Language (MDSL)
  • Automatic Operating System (OS) detection
  • Generation of the System Configuration from the MDSL definition
  • Initialization with the System Configuration (modes)
  • Fetch and update Common Vulnerabilities and Exposures (CVEs) and patches
  • Calculate the current severity for each mode
  • Automatic mode switch based on a changed severity
  • Optional manual mode switch
  • Show several statistics like the used software, open vulnerabilities, and historic CVEs
  • Simulate/execute scenarios
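The severity calculation and automatic mode switch that the feature list names, worked through as an added Python example. This is not part of the record's software (the framework itself is implemented in Java); the CVE identifiers, scores and dates below are constructed placeholders, and the aggregation rule (severity of a mode = highest CVSS score among its unpatched vulnerabilities) and the component-to-mode assignment are assumptions, because the record does not state how severity is computed. The two modes mirror the case study: one serves PHP content through Apache2, the other through nginx, with PHP-FPM active in both.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Cve:
    """One reported vulnerability affecting a single software component."""
    cve_id: str           # placeholder IDs below, not real CVE numbers
    component: str
    cvss: float           # CVSS base score, 0.0 .. 10.0
    published: date
    patched: Optional[date]  # None = no patch installed yet (still open)


# Assumed mode definitions: which components are active in each mode.
MODES = {
    "apache": {"apache2", "php-fpm"},
    "nginx": {"nginx", "php-fpm"},
}

# Constructed sample vulnerability feed (values are made up for illustration).
SAMPLE_CVES = [
    Cve("CVE-XXXX-0001", "apache2", 9.8, date(2019, 4, 1), date(2019, 4, 20)),
    Cve("CVE-XXXX-0002", "nginx", 7.5, date(2019, 8, 15), date(2019, 9, 1)),
    Cve("CVE-XXXX-0003", "php-fpm", 8.1, date(2019, 10, 25), date(2019, 11, 5)),
    Cve("CVE-XXXX-0004", "apache2", 5.3, date(2020, 6, 10), None),
]


def open_cves(cves, component, on):
    """Vulnerabilities of `component` that are published and not yet patched on day `on`."""
    return [
        c for c in cves
        if c.component == component
        and c.published <= on
        and (c.patched is None or c.patched > on)
    ]


def mode_severity(cves, mode, on):
    """Assumed aggregation: the highest CVSS score among the mode's open vulnerabilities."""
    scores = [c.cvss for comp in MODES[mode] for c in open_cves(cves, comp, on)]
    return max(scores, default=0.0)


def select_mode(cves, current, on):
    """Switch only if another mode is strictly less severe; ties keep the current mode."""
    severity = {m: mode_severity(cves, m, on) for m in MODES}
    best = min(severity, key=lambda m: (severity[m], m != current))
    return best if severity[best] < severity[current] else current


def event_days(cves):
    """Days on which a mode's severity can change: each publish or patch date."""
    days = {c.published for c in cves} | {c.patched for c in cves if c.patched}
    return sorted(days)


def simulate(cves, start_mode):
    """Replay the feed; return the list of (day, old_mode, new_mode) switches and the final mode."""
    switches = []
    current = start_mode
    for day in event_days(cves):
        chosen = select_mode(cves, current, day)
        if chosen != current:
            switches.append((day, current, chosen))
            current = chosen
    return switches, current


if __name__ == "__main__":
    history, final = simulate(SAMPLE_CVES, "apache")
    for day, old, new in history:
        print(f"{day}: switch {old} -> {new}")
    print("final mode:", final)
```

With the constructed feed, the simulation switches to nginx when the critical Apache2 issue is published, back to Apache2 when the nginx issue appears after the first one is patched, stays put while the shared PHP-FPM issue affects both modes equally, and moves to nginx again for the unpatched Apache2 issue. The tie rule matters in practice: switching on equal severity would only add churn without reducing exposure.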

Contents of the repository

  1. WebServerCaseStudy (Framework implemented with Java)
  2. Mode Domain-specific Language (xtext)
  3. Reproduction package (CVEs and patches)
  4. Executable Java jar file for re-running the case study
  5. Preprint of the accepted JSS manuscript


Files

Files (49.6 MB)

rmtec/modeswitcher-v1.0.1-alpha.zip (49.6 MB, md5: b5d90e2d488909ee6ebbf57662b5def9)

Additional details