System administrators are usually trusted to be experts on the systems they control, yet security breaches and performance problems can often be traced to improper configuration by these same administrators. These configuration mistakes aren’t made deliberately and certainly not maliciously, but are usually due to a lack of information about the consequences and interactions of these settings. We call this *Uninformed Configuration*. Existing research focuses on ensuring users don’t make security mistakes or helping developers/engineers validate their systems meet security and performance targets, but there is little research focusing on the system administrator who bridges these two groups, taking systems from developers and maintaining them for the end user.

First, we will show practical examples of the dangers of uninformed configuration and some of the methods that have been attempted to mitigate the issue, and we will explain why those methods are inadequate.

Second, we will dive into the difficulties in finding and tracking the critical settings of systems, explain why it is so difficult and develop a standard way of describing/explaining/analyzing these settings for use in advising the administrator and by other software.

Lastly, we will present **NUCLEAR: the NUCLEAR Uninformed Configuration Locator, Explainer, Advisor and Repairer**, a tool which will combine the previously described settings and help administrators better configure their systems, while resolving the issues with the existing inadequate methods.

Examining Committee: 

 

                          Chair:               Dr. Ashok Agrawala
                          Dept rep:         Dr.  David Van Horn
                          Members:        Dr. Pete Keleher