An Approach to Measuring a System's Attack Surface
作者: Pratyusa K. Manadhata , Kymie M. Tan , Roy A. Maxion , Jeannette M. Wing
DOI: 10.21236/ADA476977
关键词:
摘要: Abstract : Practical software security measurements and metrics are critical to the improvement of security. We propose a metric determine whether one system is more secure than another similar with respect their attack surface. use system's surface measurement as an indicator security; larger surface, insecure system. measure in terms three kinds resources used attacks on system: methods, channels, data. demonstrate our by measuring surfaces two open source IMAP servers FTP daemons. validated conducting expert user survey performing statistical analysis Microsoft Security Bulletins. Our can be tool developers development process consumers decision making process.
sci-hub.st 参考文章(23)
Arlene Fink, How To Conduct Surveys: A Step-by-Step Guide ,(1985)
Michael Howard, Jon Pincus, Jeannette M. Wing, Measuring Relative Attack Surfaces Springer, Boston, MA. pp. 109- 137 ,(2005) , 10.1007/0-387-24006-3_8
William R. Shadish, Donald Thomas Campbell, Thomas D. Cook, Experimental and Quasi-Experimental Designs for Generalized Causal Inference ,(2001)
Shari Lawrence Pfleeger, Norman E. Fenton, Software Metrics : A Rigorous and Practical Approach ,(1998)
J. Voas, A. Ghosh, G. McGraw, F. Charron, K. Miller, Defining an adaptive software security metric from a dynamic software failure tolerance measure Proceedings of 11th Annual Conference on Computer Assurance. COMPASS '96. pp. 250- 263 ,(1996) , 10.1109/CMPASS.1996.507892
D.M. Nicol, Modeling and simulation in security evaluation ieee symposium on security and privacy. ,vol. 3, pp. 71- 74 ,(2005) , 10.1109/MSP.2005.129
G. McGraw, From the ground up: the DIMACS software security workshop ieee symposium on security and privacy. ,vol. 1, pp. 59- 66 ,(2003) , 10.1109/MSECP.2003.1193213
John McHugh, Quality of protection Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06. pp. 1- 2 ,(2006) , 10.1145/1179494.1179495
S.M. Bellovin, On the Brittleness of Software and the Infeasibility of Security Metrics ieee symposium on security and privacy. ,vol. 4, pp. 96- 96 ,(2006) , 10.1109/MSP.2006.101
Pratyusa Manadhata, Jeannette Wing, Mark Flynn, Miles McQueen, Measuring the attack surfaces of two FTP daemons Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06. pp. 3- 10 ,(2006) , 10.1145/1179494.1179497