Attack Surface Measurement and Attack Surface Reduction

Attack Surface Measurement

Contents

Introduction
People
Publications
Talks
Other Articles

Please send comments to Pratyusa [pratyus@cs.cmu.edu].

Introduction

Measurement of security, both qualitatively and quantitatively, has been a long standing challenge to the research community and is of practical import to software industry today. Software industry has responded to demands for improvement in software security by increasing effort for creating ``more secure'' products and services. How can industry determine whether this effort is paying off and how can consumers determine whether industry's effort has made a difference? Our work looks at an important question faced by both industry and consumers today: How can we quantify a software system's security?

We propose to use the measure of a software system's attack surface as an indicator of the system's security. Intuitively, a system's attack surface is the set of ways in which an adversary can enter the system and potentially cause damage. Hence the larger the attack surface, the more insecure the system.

People

Publications

Measuring the Attack Surfaces of Enterprise Software [abstract | pdf], Pratyusa K. Manadhata, Yuecel Karabulut, and Jeannette M. Wing, International Symposium on Engineering Secure Software and Systems, Leuven, Belgium, February 2009.

Measuring the Attack Surfaces of SAP Business Applications [abstract | pdf], Pratyusa K. Manadhata, Yuecel Karabulut, and Jeannette M. Wing, CMU Technical Report CMU-CS-08-134, May 2008. Accepted to IEEE International Symposium on Software Reliability Engineering (ISSRE), Seattle, WA, November 2008.

An Approach to Measuring A System's Attack Surface [abstract | pdf], Pratyusa K. Manadhata, Kymie M. C. Tan, Roy A. Maxion, and Jeannette M. Wing, CMU Technical Report CMU-CS-07-146, August 2007.

Supercedes CMU-CS-05-155.

A Formal Model for A System's Attack Surface [abstract | pdf], Pratyusa K. Manadhata, Dilsun K. Kaynar, and Jeannette M. Wing, CMU Technical Report CMU-CS-07-144, July 2007.

Measuring the Attack Surfaces of Two FTP Daemons [abstract | pdf], Pratyusa .K. Manadhata, Jeannette .M. Wing, Mark .A. Flynn, and Miles .A. McQueen, ACM Computer and Communications Security (CCS) Workshop on Quality of Protection (QoP), Alexandria, VA, October 2006.

An Attack Surface Metric [pdf], Pratyusa K. Manadhata and Jeannette M. Wing, USENIX Security Workshop on Security Metrics (MetriCon), Vancouver, BC, August 2006. Position paper.

An Attack Surface Metric [abstract | ps | pdf], Pratyusa K. Manadhata and Jeannette M. Wing, Technical Report CMU-CS-05-155, July 2005.

The Windows and Linux measurement results show that the attack surface measurement holds promise. The measurement methods, however, were based on intuition and relied on the history of attacks on Windows and Linux. In this paper, we introduce a systematic method for measuring a system's attack surface. We introduce the formal entry point and exit point framework to identify the resources that are part of the attack surface. We also introduce the notion of attackability to estimate a resource's contribution to the attack surface.

Measuring a System's Attack Surface [abstract | ps | pdf], Pratyusa K. Manadhata and Jeannette M. Wing, Technical Report CMU-CS-04-102, January 2004.

In this paper, we generalize the RASQ approach and measure the attack surfaces of four versions of Linux. This is our first attempt at formalizing the notion of a system's attack surface.

Measuring Relative Attack Surfaces [abstract | ps | pdf], Michael Howard, Jon Pincus, and Jeannette M. Wing, Proceedings of Workshop on Advanced Developments in Software and Systems Security, Taipei, December 2003.

Michael Howard of Microsoft informally introduced the notion of Relative Attack Surface Quotient (RASQ) for the Windows operating system. In this paper, Pincus and Wing extend Howard's method and measure the attack surfaces of seven versions of Windows.

Talks

Measuring the Attack Surfaces of SAP Software Systems, IEEE International Symposium on Software Reliability Engineering (ISSRE), Seattle, WA, November 2008.

Measuring the Attack Surfaces of SAP Software Systems, SAP Academic Symposium, Palo Alto, CA, August 2008.

Attack Surface Measurement, SAP Labs, Raanana, Israel, September 2007.

Measuring Attack Surfaces of Business Applications, SAP Academic Symposium, Palo Alto, CA, June 2007.

Measuring Attack Surfaces of Business Applications, SAP Research Palo Alto, Palo Alto, CA, June 2007.

Attack Surface Measurement, SAP Research Karlsruhe, Karlsruhe, Germany, May 2007.

Attack Surface Measurement, SAP AG, Walldorf, Germany, May 2007.

An Attack Surface Metric, School of Computer Science Student Seminar Series, Carnegie Mellon University, Pittsburgh, PA, February 2007.

Challenges in Attack Surface Measurement, Software Engineering Institute (SEI) IRAD Review, Software Engineering Institute, Pittsburgh, PA, Dec 2006.

Measuring the Attack Surfaces of two FTP Daemons, ACM Computer and Communications Security (CCS) Workshop on Quality of Protection, Alexandria, VA, October 2006.

An Attack Surface Metric, USENIX Security Workshop on Security Metrics, Vancouver, BC, August 2006.

An Attack Surface Metric, Army Research Office (ARO) CyLab Research Program Review, Carnegie Mellon University, Pittsburgh, PA, May 2006.

An Attack Surface Metric, Software Engineering Institute (SEI) IRAD Review, Software Engineering Institute, Pittsburgh, PA, May 2006.

Attack Surface Measurement, Army Research Office (ARO) CyLab Research Program Review, Carnegie Mellon University, Pittsburgh, PA, June 2004.