An Attack Surface Metric

Author : Pratyusa Manadhata
Language : en
Release Date : 2005
Publisher :

ISBN : OCLC:246976977

Abstract: "We propose a metric to determine whether one version of a software system is more secure than another with respect to the system's attack surface. Rather than count bugs at the code level or count vulnerability reports at system level, we measure a system's attackability, i.e., how likely the system will be successfully attacked. We define the attack surface of a system in terms of the system's attackability along three abstract dimensions: method, data, and channel. Intuitively, the larger the attack surface, the more likely the system will be attacked, and hence the more insecure it is. We demonstrate the use of the attack surface metric by measuring and comparing the attack surface of two versions of a hypothetical IMAP server."...



An Attack Surface Metric

Author : Pratyusa Kumar Manadhata
Language : en
Release Date : 2008
Publisher :

ISBN : OCLC:1445744208

...



An Approach to Measuring a System's Attack Surface

Author :
Language : en
Release Date : 2007
Publisher :

ISBN : OCLC:318682778

Practical software security measurements and metrics are critical to the improvement of software security. We propose a metric to determine whether one software system is more secure than another similar system with respect to their attack surface. We use a system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We measure a system's attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the use of our attack surface metric by measuring the attack surfaces of two open source IMAP servers and two FTP daemons. We validated the attack surface metric by conducting an expert user survey and by performing statistical analysis of Microsoft Security Bulletins. Our metric can be used as a tool by software developers in the software development process and by software consumers in their decision making process....



Measuring a System's Attack Surface

Author : Pratyusa Manadhata
Language : en
Release Date : 2004
Publisher :

ISBN : OCLC:57217787

Abstract: "We propose a metric to determine whether one version of a system is relatively more secure than another with respect to the system's attack surface. Intuitively, the more exposed the attack surface, the more likely the system could be successfully attacked, and hence the more insecure it is. We define an attack surface in terms of the system's actions that are externally visible to its users and the system's resources that each action accesses or modifies. To apply our metric in practice, rather than consider all possible system resources, we narrow our focus on a 'relevant' subset of resource types, which we call attack classes; these reflect the types of system resources that are more likely to be targets of attack. We assign payoffs to attack classes to represent likelihoods of attack; resources in an attack class with a high payoff value are more likely to be targets or enablers of an attack than resources in an attack class with a low payoff value. We outline a method to identify attack classes and to measure a system's attack surface. We demonstrate and validate our method by measuring the relative attack surface of four different versions of the Linux operating system."...



A Formal Model for a System's Attack Surface

Author :
Language : en
Release Date : 2007
Publisher :

ISBN : OCLC:318682772

Practical software security metrics and measurements are essential to the development of secure software [18]. In this paper, we propose to use a software system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We formalize the notion of a system's attack surface using an I/O automata model of the system [15] and define a quantitative measure of the attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the feasibility of our approach by measuring the attack surfaces of two open source FTP daemons and two IMAP servers. Software developers can use our attack surface measurement method in the software development process and software consumers can use the method in their decision making process....



Measuring Attack Surfaces of Open Source IMAP Servers

Author : Elizabeth Chaos Golubitsky
Language : en
Release Date : 2005
Publisher :

ISBN : OCLC:320526518

Abstract: "The attack surface metric provides a means of discussing the susceptibility of software to as-yet-unknown attacks. A system's attack surface encompasses the methods the system makes available to an attacker, and the system resources which can be used to further an attack. The attack surface metric can be used to compare the security of multiple systems which provide the same function. The Internet Message Access Protocol (IMAP) is a protocol which has been in existence for over a decade. Relative to web (HTTP) and e-mail transfer (SMTP) servers, IMAP servers are a niche product, but they are widely deployed nonetheless. There are three popular Open Source Unix IMAP servers (UW-IMAP, Cyrus, and Courier-IMAP), and there has not been a formal security comparison between them. In this project, I use the attack surface metric to discuss the relative security risks posed by these three products. I undertake this evaluation in service of two complementary goals: to provide an honest examination of the security postures and risks of the three servers, and to advance the study of attack surfaces by performing an automated attack surface measurement using a methodology based on counting entry and exit points in the code."...



A Metric For Machine Learning Vulnerability To Adversarial Examples

Author : Matt Bradley
Language : en
Release Date : 2022
Publisher :

ISBN : OCLC:1344447625

"Machine learning is used in myriad aspects, both in academic research and in everyday life, including safety-critical applications such as robust robotics, cybersecurity products, medical testing and diagnosis where a false positive or negative could have catastrophic results. Despite the increasing prevalence of machine learning applications and their role in critical systems we rely on daily, the security and robustness of machine learning models is still a relatively young field of research with many open questions, particularly on the defensive side of adversarial machine learning. Chief among these open questions is how best to quantify a model’s attack surface against adversarial examples. Knowing how a model will behave under attacks is critical information for personnel charged with securing critical machine learning applications, and yet research towards such an attack surface metric is incredibly sparse. This dissertation addressed this problem by using previous insights into adversarial example attacks against machine learning models as well as the properties and shortcomings of various defensive techniques to formulate a basic definition of a model’s attack surface, one which allows its behavior under adversarial example attack to be generally predicted. The proposed metric was then subjected to a limited validation using six models, three Neural Networks and three Support Vector Machines (SVMs), using three datasets consisting of random clusters of points in an x,y-coordinate plane. Models were trained against each dataset to generate versions of the same model architecture with different attack surfaces, and these versions were then subjected to attack through adversarial examples generated by a Projected Gradient Descent with Line Search (PGDLS) attack, using varying perturbation budgets for the attack to control attack strength.
Model performance at each perturbation budget was recorded and analyzed, leading to a limited validation of the metric for the purpose of defining how a given model will behave against adversarial example attacks." --Abstract (leaf iv)...



Measuring Relative Attack Surfaces

Author : Michael Howard
Language : en
Release Date : 2003
Publisher :

ISBN : OCLC:54534840

Abstract: "We propose a metric for determining whether one version of a system is more secure than another with respect to a fixed set of dimensions. Rather than count bugs at the code level or count vulnerability reports at the system level, we count a system's attack opportunities. We use this count as an indication of the system's 'attackability,' likelihood that it will be successfully attacked. We describe a system's attack surface along three abstract dimensions: targets and enablers, channels and protocols, and access rights. Intuitively, the more exposed the system's surface, the more attack opportunities, and hence the more likely it will be a target of attack. Thus, one way to improve system security is to reduce its attack surface. To validate our ideas, we recast Microsoft Security Bulletin MS02-005 using our terminology, and we show how Howard's Relative Attack Surface Quotient for Windows is an instance of our general metric."...



Network Security Metrics

Author : Lingyu Wang
Language : en
Release Date : 2017-11-15
Publisher : Springer

ISBN : 9783319665054

This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC). 
Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text....