Measuring Attack Surface in Software Architecture

In this report we show how to adapt the notion of “attack surface” to formally evaluate security properties at the architectural level of design and to identify vulnerabilities in architectural designs. Further we explore the application of this metric in the context of architecture-based transformations to improve security by reducing the attack surface. These transformations are described in detail and validated with a simple experiment. The authors would like to acknowledge Pratyusa Manadhata and Jeannette Wing; without their work formalizing the attack surface metric, our work would not be possible. The authors would also like to thank the Software Engineering Institute for supporting this work. This research was supported in part by CyLab at Carnegie Mellon under grants DAAD19-02-1-0389 and W911NF-09-1-0273 from the Army Research Office.