A Formal Model for a System's Attack Surface

Abstract

Practical software security metrics and measurements are essential to the development of secure software [18]. In this paper, we propose to use a software system's attack surface measurement as an indicator of the system's security: the larger the attack surface, the more insecure the system. We formalize the notion of a system's attack surface using an I/O automata model of the system [15] and define a quantitative measure of the attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the feasibility of our approach by measuring the attack surfaces of two open source FTP daemons and two IMAP servers. Software developers can use our attack surface measurement method in the software development process, and software consumers can use the method in their decision-making process.

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2007
Accession Number
ADA476799

Entities

People

  • Dilsun K. Kaynar
  • Jeannette Wing
  • Pratyusa K. Manadhata

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Application Protocols
  • Application Software
  • Automata
  • Communication Channels
  • Complex Systems
  • Computer Programs
  • Computer Science
  • Computers
  • Consumers
  • Environment
  • Indicators
  • Information Operations
  • Measurement
  • Operating Systems
  • Security
  • Software Development
  • Web Service

Fields of Study

  • Computer science
  • Engineering

Readers

  • Aerodynamics/Aeronautics
  • Mathematical Modeling and Probability Theory
  • Software Engineering