Measuring Attack Surface in Software Architecture (CMU-ISR-11-121)
نویسندگان
چکیده
In this report we show how to adapt the notion of “attack surface” to formally evaluate security properties at the architectural level of design and to identify vulnerabilities in architectural designs. Further we explore the application of this metric in the context of architecture-based transformations to improve security by reducing the attack surface. These transformations are described in detail and validated with a simple experiment. The authors would like to acknowledge Pratyusa Manadhata and Jeannette Wing; without their work formalizing the attack surface metric, our work would not be possible. The authors would also like to thank the Software Engineering Institute for supporting this work. This research was supported in part by CyLab at Carnegie Mellon under grants DAAD19-02-1-0389 and W911NF-09-1-0273 from the Army Research Office.
منابع مشابه
Architecture-Based Self-Adaptation for Moving Target Defense (CMU-ISR-14-109)
The fundamental premise behind Moving Target Defense (MTD) is to create a dynamic and shifting system that is more difficult to attack than a static system because a constantly changing attack surface at least reduces the chance of an attacker finding and exploiting the weakness. However, MTD approaches are typically chosen without regard to other qualities of the system, such as performance or...
متن کاملArchitecture-Based Self-Adaptation for Moving Target Defense
Architecture-Based Self-Adaptation for Moving Target Defense Report Title The fundamental premise behind Moving Target Defense (MTD) is to create a dynamic and shifting system that is more difficult to attack than a static system because a constantly changing attack surface at least reduces the chance of an attacker finding and exploiting the weakness. However, MTD approaches are typically chos...
متن کاملMeasuring Attack Surface in Software Architecture
In this report we show how to adapt the notion of “attack surface” to formally evaluate security properties at the architectural level of design and to identify vulnerabilities in architectural designs. Further we explore the application of this metric in the context of architecture-based transformations to improve security by reducing the attack surface. These transformations are described in ...
متن کاملChecking and Measuring the Architectural Structural Conformance of Object-Oriented Systems1
The benefits of architectural analyses are only achieved if one can guarantee that the implementation conforms to the architecture. We propose an approach for checking and measuring the structural conformance of a software system’s implementation to its execution architecture. In contrast to existing approaches, our approach uses static analyses, and works with existing Java-like programming la...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015