Homepage / Searching for: an approach to measuring a system s attack surface

Welcome to Read Book Online

Download an approach to measuring a system s attack surface or read an approach to measuring a system s attack surface online books in PDF, EPUB and Mobi Format. Click Download or Read Online button to get an approach to measuring a system s attack surface book now. Note:! If the content not Found, you must refresh this page manually.

An Approach To Measuring A System S Attack Surface

DOWNLOAD
Author by :
Languange Used : en
Release Date : 2007
Publisher by :

ISBN : OCLC:318682778

Practical software security measurements and metrics are critical to the improvement of software security. We propose a metric to determine whether one software system is more secure than another similar system with respect to their attack surface. We use a system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We measure a system's attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the use of our attack surface metric by measuring the attack surfaces of two open source IMAP servers and two FTP daemons. We validated the attack surface metric by conducting an expert user survey and by performing statistical analysis of Microsoft Security Bulletins. Our metric can be used as a tool by software developers in the software development process and by software consumers in their decision making process....

A Formal Model For A System S Attack Surface

DOWNLOAD
Author by :
Languange Used : en
Release Date : 2007
Publisher by :

ISBN : OCLC:318682772

Practical software security metrics and measurements are essential to the development of secure software [18]. In this paper, we propose to use a software system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We formalize the notion of a system's attack surface using an I/O automata model of the system [15] and define a quantitative measure of the attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the feasibility of our approach by measuring the attack surfaces of two open source FTP daemons and two IMAP servers. Software developers can use our attack surface measurement method in the software development process and software consumers can use the method in their decision making process....

Measuring A System S Attack Surface

DOWNLOAD
Author by : Pratyusa Manadhata
Languange Used : en
Release Date : 2004
Publisher by :

ISBN : OCLC:57217787

Abstract: "We propose a metric to determine whether one version of a system is relatively more secure than another with respect to the system's attack surface. Intuitively, the more exposed the attack surface, the more likely the system could be successfully attacked, and hence the more insecure it is. We define an attack surface in terms of the system's actions that are externally visible to its users and the system's resources that each action accesses or modifies. To apply our metric in practice, rather than consider all possible system resources, we narrow our focus on a 'relevant' subset of resource types, which we call attack classes; these reflect the types of system resources that are more likely to be targets of attack. We assign payoffs to attack classes to represent likelihoods of attack; resources in an attack class with a high payoff value are more likely to be targets or enablers of an attack than resources in an attack class with a low payoff value. We outline a method to identify attack classes and to measure a system's attack surface. We demonstrate and validate our method by measuring the relative attack surface of four different versions of the Linux operating system."...

Network Security Metrics

DOWNLOAD
Author by : Lingyu Wang
Languange Used : en
Release Date : 2017-11-15
Publisher by : Springer

ISBN : 9783319665054

This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC). Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text....

Moving Target Defense Ii

DOWNLOAD
Author by : Sushil Jajodia
Languange Used : en
Release Date : 2012-09-18
Publisher by : Springer Science & Business Media

ISBN : 9781461454151

Our cyber defenses are static and are governed by lengthy processes, e.g., for testing and security patch deployment. Adversaries could plan their attacks carefully over time and launch attacks at cyber speeds at any given moment. We need a new class of defensive strategies that would force adversaries to continually engage in reconnaissance and re-planning of their cyber operations. One such strategy is to present adversaries with a moving target where the attack surface of a system keeps changing. Moving Target Defense II: Application of Game Theory and Adversarial Modeling includes contributions from world experts in the cyber security field. In the first volume of MTD, we presented MTD approaches based on software transformations, and MTD approaches based on network and software stack configurations. In this second volume of MTD, a group of leading researchers describe game theoretic, cyber maneuver, and software transformation approaches for constructing and analyzing MTD systems. Designed as a professional book for practitioners and researchers working in the cyber security field, advanced -level students and researchers focused on computer science will also find this book valuable as a secondary text book or reference....

Engineering Secure Software And Systems

DOWNLOAD
Author by : Fabio Massacci
Languange Used : en
Release Date : 2009-01-21
Publisher by : Springer Science & Business Media

ISBN : 9783642001987

This book constitutes the refereed proceedings of the First International Symposium on Engineering Secure Software and Systems, ESSoS 2009, held in Leuven, Belgium, in February 2009. The 10 revised full papers presented together with 7 industry reports and ideas papers were carefully reviewed and selected from 57 submissions. The papers are organized in topical sections on policy verification and enforcement, model refinement and program transformation, secure system development, attack analysis and prevention, as well as testing and assurance....

Moving Target Defense

DOWNLOAD
Author by : Sushil Jajodia
Languange Used : en
Release Date : 2011-08-26
Publisher by : Springer Science & Business Media

ISBN : 9781461409779

Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats was developed by a group of leading researchers. It describes the fundamental challenges facing the research community and identifies new promising solution paths. Moving Target Defense which is motivated by the asymmetric costs borne by cyber defenders takes an advantage afforded to attackers and reverses it to advantage defenders. Moving Target Defense is enabled by technical trends in recent years, including virtualization and workload migration on commodity systems, widespread and redundant network connectivity, instruction set and address space layout randomization, just-in-time compilers, among other techniques. However, many challenging research problems remain to be solved, such as the security of virtualization infrastructures, secure and resilient techniques to move systems within a virtualized environment, automatic diversification techniques, automated ways to dynamically change and manage the configurations of systems and networks, quantification of security improvement, potential degradation and more. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats is designed for advanced -level students and researchers focused on computer science, and as a secondary text book or reference. Professionals working in this field will also find this book valuable....

An Attack Surface Metric

DOWNLOAD
Author by : Pratyusa Manadhata
Languange Used : en
Release Date : 2005
Publisher by :

ISBN : OCLC:246976977

Abstract: "We propose a metric to determine whether one version of a software system is more secure than another with respect to the system's attack surface. Rather than count bugs at the code level or count vulnerability reports at system level, we measure a system's attackability, i.e., how likely the system will be successfully attacked. We define the attack surface of a system in terms of the system's attackability along three abstract dimensions: method, data, and channel. Intuitively, the larger the attack surface, the more likely the system will be attacked, and hence the more insecure it is. We demonstrate the use of the attack surface metric by measuring and comparing the attack surface of two versions of a hypothetical IMAP server."...

An Attack Surface Metric

DOWNLOAD
Author by : Pratyusa Manadhata
Languange Used : en
Release Date : 2005
Publisher by :

ISBN : OCLC:246976977

Computer Security In The 21st Century

DOWNLOAD
Author by : D.T. Lee
Languange Used : en
Release Date : 2005-12-05
Publisher by : Springer Science & Business Media

ISBN : 9780387240060

Computer Security in the 21st Century shares some of the emerging important research trends reflected in recent advances in computer security, including: security protocol design, secure peer-to-peer and ad hoc networks, multimedia security, and intrusion detection, defense and measurement. Highlights include presentations of : - Fundamental new security - Cryptographic protocols and design, - A new way of measuring network vulnerability: attack surfaces, - Network vulnerability and building impenetrable systems, - Multimedia content protection including a new standard for photographic images, JPEG2000. Researchers and computer security developers will find in this book interesting and useful insights into building computer systems that protect against computer worms, computer viruses, and other related concerns....