Homepage / Searching for: measuring a system s attack surface

Welcome to Read Book Online

Download measuring a system s attack surface or read measuring a system s attack surface online books in PDF, EPUB and Mobi Format. Click Download or Read Online button to get measuring a system s attack surface book now. Note:! If the content not Found, you must refresh this page manually.

An Approach To Measuring A System S Attack Surface

DOWNLOAD
Author by :
Languange Used : en
Release Date : 2007
Publisher by :

ISBN : OCLC:318682778

Practical software security measurements and metrics are critical to the improvement of software security. We propose a metric to determine whether one software system is more secure than another similar system with respect to their attack surface. We use a system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We measure a system's attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the use of our attack surface metric by measuring the attack surfaces of two open source IMAP servers and two FTP daemons. We validated the attack surface metric by conducting an expert user survey and by performing statistical analysis of Microsoft Security Bulletins. Our metric can be used as a tool by software developers in the software development process and by software consumers in their decision making process....

Measuring A System S Attack Surface

DOWNLOAD
Author by : Pratyusa Manadhata
Languange Used : en
Release Date : 2004
Publisher by :

ISBN : OCLC:57217787

Abstract: "We propose a metric to determine whether one version of a system is relatively more secure than another with respect to the system's attack surface. Intuitively, the more exposed the attack surface, the more likely the system could be successfully attacked, and hence the more insecure it is. We define an attack surface in terms of the system's actions that are externally visible to its users and the system's resources that each action accesses or modifies. To apply our metric in practice, rather than consider all possible system resources, we narrow our focus on a 'relevant' subset of resource types, which we call attack classes; these reflect the types of system resources that are more likely to be targets of attack. We assign payoffs to attack classes to represent likelihoods of attack; resources in an attack class with a high payoff value are more likely to be targets or enablers of an attack than resources in an attack class with a low payoff value. We outline a method to identify attack classes and to measure a system's attack surface. We demonstrate and validate our method by measuring the relative attack surface of four different versions of the Linux operating system."...

A Formal Model For A System S Attack Surface

DOWNLOAD
Author by :
Languange Used : en
Release Date : 2007
Publisher by :

ISBN : OCLC:318682772

Practical software security metrics and measurements are essential to the development of secure software [18]. In this paper, we propose to use a software system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We formalize the notion of a system's attack surface using an I/O automata model of the system [15] and define a quantitative measure of the attack surface in terms of three kinds of resources used in attacks on the system: methods, channels, and data. We demonstrate the feasibility of our approach by measuring the attack surfaces of two open source FTP daemons and two IMAP servers. Software developers can use our attack surface measurement method in the software development process and software consumers can use the method in their decision making process....

Measuring Attack Surfaces Of Open Source Imap Servers

DOWNLOAD
Author by : Elizabeth Chaos Golubitsky
Languange Used : en
Release Date : 2005
Publisher by :

ISBN : OCLC:320526518

Abstract: "The attack surface metric provides a means of discussing the susceptibility of software to as-yet-unknown attacks. A system's attack surface encompasses the methods the system makes available to an attacker, and the system resources which can be used to further an attack. The attack surface metric can be used to compare the security of multiple systems which provide the same function. The Internet Message Access Protocol (IMAP) is a protocol which has been in existence for over a decade. Relative to web (HTTP) and e-mail transfer (SMTP) servers, IMAP servers are a niche product, but they are widely deployed nonetheless. There are three popular Open Source Unix IMAP servers (UW-IMAP, Cyrus, and Courier-IMAP), and there has not been a formal security comparison between them. In this project, I use the attack surface metric to discuss the relative security risks posed by these three products. I undertake this evaluation in service of two complementary goals: to provide an honest examination of the security postures and risks of the three servers, and to advance the study of attack surfaces by performing an automated attack surface measurement using a methodology based on counting entry and exit points in the code."...

Measuring Relative Attack Surfaces

DOWNLOAD
Author by : Michael Howard
Languange Used : en
Release Date : 2003
Publisher by :

ISBN : OCLC:54534840

Abstract: "We propose a metric for determining whether one version of a system is more secure than another with respect to a fixed set of dimensions. Rather than count bugs at the code level or count vulnerability reports at the system level, we count a system's attack opportunities. We use this count as an indication of the system's 'attackability, ' likelihood that it will be successfully attacked. We describe a system's attack surface along three abstract dimensions: targets and enablers, channels and protocols, and access rights. Intuitively, the more exposed the system's surface, the more attack opportunities, and hence the more likely it will be a target of attack. Thus, one way to improve system security is to reduce its attack surface. To validate our ideas, we recast Microsoft Security Bulletin MS02-005 using our terminoloy, and we show how Howard's Relative Attack Surface Quotient for Windows is an instance of our general metric."...

An Attack Surface Metric

DOWNLOAD
Author by : Pratyusa Manadhata
Languange Used : en
Release Date : 2005
Publisher by :

ISBN : OCLC:246976977

Abstract: "We propose a metric to determine whether one version of a software system is more secure than another with respect to the system's attack surface. Rather than count bugs at the code level or count vulnerability reports at system level, we measure a system's attackability, i.e., how likely the system will be successfully attacked. We define the attack surface of a system in terms of the system's attackability along three abstract dimensions: method, data, and channel. Intuitively, the larger the attack surface, the more likely the system will be attacked, and hence the more insecure it is. We demonstrate the use of the attack surface metric by measuring and comparing the attack surface of two versions of a hypothetical IMAP server."...

An Attack Surface Metric

DOWNLOAD
Author by : Pratyusa Manadhata
Languange Used : en
Release Date : 2005
Publisher by :

ISBN : OCLC:246976977

Network Security Metrics

DOWNLOAD
Author by : Lingyu Wang
Languange Used : en
Release Date : 2017-11-15
Publisher by : Springer

ISBN : 9783319665054

This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC). Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text....

Computer Security In The 21st Century

DOWNLOAD
Author by : D.T. Lee
Languange Used : en
Release Date : 2005-12-05
Publisher by : Springer Science & Business Media

ISBN : 9780387240060

Computer Security in the 21st Century shares some of the emerging important research trends reflected in recent advances in computer security, including: security protocol design, secure peer-to-peer and ad hoc networks, multimedia security, and intrusion detection, defense and measurement. Highlights include presentations of : - Fundamental new security - Cryptographic protocols and design, - A new way of measuring network vulnerability: attack surfaces, - Network vulnerability and building impenetrable systems, - Multimedia content protection including a new standard for photographic images, JPEG2000. Researchers and computer security developers will find in this book interesting and useful insights into building computer systems that protect against computer worms, computer viruses, and other related concerns....

Engineering Secure Software And Systems

DOWNLOAD
Author by : Fabio Massacci
Languange Used : en
Release Date : 2009-01-21
Publisher by : Springer Science & Business Media

ISBN : 9783642001987

This book constitutes the refereed proceedings of the First International Symposium on Engineering Secure Software and Systems, ESSoS 2009, held in Leuven, Belgium, in February 2009. The 10 revised full papers presented together with 7 industry reports and ideas papers were carefully reviewed and selected from 57 submissions. The papers are organized in topical sections on policy verification and enforcement, model refinement and program transformation, secure system development, attack analysis and prevention, as well as testing and assurance....