Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Attack Surface Metric

Published byСтепан Тимашев Modified over 5 years ago

Similar presentations

Presentation on theme: "An Attack Surface Metric"— Presentation transcript:

1 An Attack Surface Metric
Pratyusa K. Manadhata Jeannette M. Wing Carnegie Mellon University {pratyus, MetriCon 1.0

2 Is system A more secure than system B?
Motivation and Goals Is system A more secure than system B? Compare the attack surface measurements of A and B. Prior work [HPW03, MW04] shows that attack surface measurement is a good indicator of security. 100 200 300 400 500 600 700 Windows NT 4 Windows 2000 Windows Server 2003 RASQ RASQ with IIS enabled RASQ with IIS Lockdown Goal: Define a metric to systematically measure a software system’s attack surface. MetriCon 1.0

3 Intuition Behind Attack Surfaces
2. Channels system surface Entry/Exit Points 1. Methods 3. Data The attack surface of a system is the ways in which an adversary can enter the system and potentially cause damage. Attack Surface Measurement: Identify relevant resources (methods, channels, and data), and estimate the contribution of each such resource. MetriCon 1.0

4 Attack Surface Measurement
Formal framework to identify a set, M, of entry points and exit points, a set, C, of channels, and a set, I, of untrusted data items. Estimate a resource’s contribution to the attack surface as a damage potential-effort ratio, der. Resource Damage Potential Effort Method Privilege Access Rights Channel Protocol Data Items Type The measure of the system’s attack surface is the triple, < , , > . MetriCon 1.0

5 IMAPD Example Courier 4.0.1 (41KLOC), and Cyrus 2.2.10 (50KLOC)
Annotated the source code and analyzed the call graph to identify entry and exit points. Used run time monitoring to identify channels and untrusted data items To compute der, assumed a total ordering among the values of the attributes and assigned numeric values according to the total order MetriCon 1.0

6 Validation (work-in-progress)
Formal Validation: I/O Automata [LW89] Empirical Validation Vulnerability report count* Machine Learning (MS Security Bulletins) Honeynet Data Database ProFTP Wu-FTP CERT 1 CVE 2 4 SecurityFocus 3 7 *Joint work with Mark Flynn and Miles McQueen, INL. MetriCon 1.0

7 Backup Slides MetriCon 1.0

8 IMAPD Example Courier 4.0.1 (41KLOC), and Cyrus 2.2.10 (50KLOC)
MetriCon 1.0

9 Entry Points and Exit Points
MetriCon 1.0

10 Channels and Data Items
MetriCon 1.0

11 Numeric Values MetriCon 1.0

12 FTPD Example ProFTPD and Wu-FTPD 2.6.2 MetriCon 1.0

13 Entry Points and Exit Points
MetriCon 1.0

14 Channels and Data Items
MetriCon 1.0

15 Numeric Values MetriCon 1.0

Download ppt "An Attack Surface Metric"

Similar presentations

Process Database and Process Capability Baseline

Process Database and Process Capability Baseline
Software Fault Tolerance (SWFT) Threat Modeling

Software Fault Tolerance (SWFT) Threat Modeling
CWE-732 Incorrect Permission Assignment for Critical Resource

CWE-732 Incorrect Permission Assignment for Critical Resource
1 Measuring Network Security Using Attack Graphs Anoop Singhal National Institute of Standards and Technology Coauthors: Lingyu Wang and Sushil Jajodia.

1 Measuring Network Security Using Attack Graphs Anoop Singhal National Institute of Standards and Technology Coauthors: Lingyu Wang and Sushil Jajodia.
1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group www.deeds.informatik.tu-darmstadt.de Prof. Neeraj.

1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group Prof. Neeraj.
DEEDS Meeting Jan., 16th 2007 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Attack.

DEEDS Meeting Jan., 16th 2007 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Attack.
P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA MINING Su Zhang Department of Computing and Information Science Kansas State University 1.

P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA MINING Su Zhang Department of Computing and Information Science Kansas State University 1.
Software Quality Metrics

Software Quality Metrics
Software Engineering II - Topic: Software Process Metrics and Project Metrics Instructor: Dr. Jerry Gao San Jose State University

Software Engineering II - Topic: Software Process Metrics and Project Metrics Instructor: Dr. Jerry Gao San Jose State University
Software metrics Selected key concepts. Introduction Motivation:  Management:  Appraisal  Assurance  Control  Improvement  Research:  Cause-effect.

Software metrics Selected key concepts. Introduction Motivation:  Management:  Appraisal  Assurance  Control  Improvement  Research:  Cause-effect.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
DIDS part II The Return of dIDS 2/12 CIS 610. 2 GrIDS Graph based intrusion detection system for large networks. Analyzes network activity on networks.

DIDS part II The Return of dIDS 2/12 CIS GrIDS Graph based intrusion detection system for large networks. Analyzes network activity on networks.
State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.

State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.
DEEDS Meeting Oct., 26th 2006 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Summary.

DEEDS Meeting Oct., 26th 2006 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Summary.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA - MINING --T HIRD P RESENTATION Su Zhang 1.

P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA - MINING --T HIRD P RESENTATION Su Zhang 1.
1 Security Risk Analysis of Computer Networks: Techniques and Challenges Anoop Singhal Computer Security Division National Institute of Standards and Technology.

1 Security Risk Analysis of Computer Networks: Techniques and Challenges Anoop Singhal Computer Security Division National Institute of Standards and Technology.
Measuring Relative Attack Surfaces Jeannette Wing School of Computer Science Carnegie Mellon University Joint with Mike Howard and Jon Pincus, Microsoft.

Measuring Relative Attack Surfaces Jeannette Wing School of Computer Science Carnegie Mellon University Joint with Mike Howard and Jon Pincus, Microsoft.
Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.

Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.

Similar presentations

Ads by Google