Presentation is loading. Please wait.

Presentation is loading. Please wait.

MetriCon 1.0 An Attack Surface Metric Pratyusa K. Manadhata Jeannette M. Wing Carnegie Mellon University {pratyus,

Published byAshlynn Singleton Modified over 9 years ago

Similar presentations

Presentation on theme: "MetriCon 1.0 An Attack Surface Metric Pratyusa K. Manadhata Jeannette M. Wing Carnegie Mellon University {pratyus,"— Presentation transcript:

1 MetriCon 1.0 An Attack Surface Metric Pratyusa K. Manadhata Jeannette M. Wing Carnegie Mellon University {pratyus, wing}@cs.cmu.edu

2 MetriCon 1.0 Motivation and Goals Is system A more secure than system B? Compare the attack surface measurements of A and B. Prior work [HPW03, MW04] shows that attack surface measurement is a good indicator of security. Goal: Define a metric to systematically measure a software system’s attack surface. 0 100 200 300 400 500 600 700 Windows NT 4Windows 2000 Windows Server 2003 RASQ RASQ with IIS enabledRASQ with IIS Lockdown

3 MetriCon 1.0 Intuition Behind Attack Surfaces system surface The attack surface of a system is the ways in which an adversary can enter the system and potentially cause damage. 1. Methods 2. Channels 3. Data Attacks Entry/Exit Points Attack Surface Measurement: Identify relevant resources (methods, channels, and data), and estimate the contribution of each such resource.

4 MetriCon 1.0 Attack Surface Measurement Formal framework to identify a set, M, of entry points and exit points, a set, C, of channels, and a set, I, of untrusted data items. Estimate a resource’s contribution to the attack surface as a damage potential-effort ratio, der. ResourceDamage PotentialEffort MethodPrivilegeAccess Rights ChannelProtocolAccess Rights Data ItemsTypeAccess Rights The measure of the system’s attack surface is the triple,.

5 MetriCon 1.0 IMAPD Example Annotated the source code and analyzed the call graph to identify entry and exit points. Used run time monitoring to identify channels and untrusted data items To compute der, assumed a total ordering among the values of the attributes and assigned numeric values according to the total order Courier 4.0.1 (41KLOC), and Cyrus 2.2.10 (50KLOC)

6 MetriCon 1.0 Validation (work-in-progress) 1.Formal Validation: I/O Automata [LW89] 2.Empirical Validation 1.Vulnerability report count* 2.Machine Learning (MS Security Bulletins) 3.Honeynet Data DatabaseProFTPWu-FTP CERT01 CVE24 SecurityFocus37 *Joint work with Mark Flynn and Miles McQueen, INL.

7 MetriCon 1.0 Backup Slides

8 MetriCon 1.0 IMAPD Example Courier 4.0.1 (41KLOC), and Cyrus 2.2.10 (50KLOC)

9 MetriCon 1.0 Entry Points and Exit Points

10 MetriCon 1.0 Channels and Data Items

11 MetriCon 1.0 Numeric Values

12 MetriCon 1.0 FTPD Example ProFTPD 1.2.10 and Wu-FTPD 2.6.2

13 MetriCon 1.0 Entry Points and Exit Points

14 MetriCon 1.0 Channels and Data Items

15 MetriCon 1.0 Numeric Values

Download ppt "MetriCon 1.0 An Attack Surface Metric Pratyusa K. Manadhata Jeannette M. Wing Carnegie Mellon University {pratyus,"

Similar presentations

A First Step Towards Characterizing Stealthy Botnets Justin Leonard, Shouhuai Xu, Ravi Sandhu University of Texas at San Antonio.

A First Step Towards Characterizing Stealthy Botnets Justin Leonard, Shouhuai Xu, Ravi Sandhu University of Texas at San Antonio.
Software Fault Tolerance (SWFT) Threat Modeling

Software Fault Tolerance (SWFT) Threat Modeling
Operational Security Risk Metrics: Definitions, Calculations, Visualizations Metricon 2.0 Alain Mayer CTO RedSeal Systems

Operational Security Risk Metrics: Definitions, Calculations, Visualizations Metricon 2.0 Alain Mayer CTO RedSeal Systems
1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group www.deeds.informatik.tu-darmstadt.de Prof. Neeraj.

1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group Prof. Neeraj.
This material is approved for public release. Distribution is limited by the Software Engineering Institute to attendees. Sponsored by the U.S. Department.

This material is approved for public release. Distribution is limited by the Software Engineering Institute to attendees. Sponsored by the U.S. Department.
DEEDS Meeting Jan., 16th 2007 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Attack.

DEEDS Meeting Jan., 16th 2007 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Attack.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA MINING Su Zhang Department of Computing and Information Science Kansas State University 1.

P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA MINING Su Zhang Department of Computing and Information Science Kansas State University 1.
Software Quality Metrics

Software Quality Metrics
Software Engineering II - Topic: Software Process Metrics and Project Metrics Instructor: Dr. Jerry Gao San Jose State University

Software Engineering II - Topic: Software Process Metrics and Project Metrics Instructor: Dr. Jerry Gao San Jose State University
Software metrics Selected key concepts. Introduction Motivation:  Management:  Appraisal  Assurance  Control  Improvement  Research:  Cause-effect.

Software metrics Selected key concepts. Introduction Motivation:  Management:  Appraisal  Assurance  Control  Improvement  Research:  Cause-effect.
Simple Source Auditing Tools Roy INSA. Outline FLAWFINDER RATS.

Simple Source Auditing Tools Roy INSA. Outline FLAWFINDER RATS.
DIDS part II The Return of dIDS 2/12 CIS 610. 2 GrIDS Graph based intrusion detection system for large networks. Analyzes network activity on networks.

DIDS part II The Return of dIDS 2/12 CIS GrIDS Graph based intrusion detection system for large networks. Analyzes network activity on networks.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.

State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.
1 An Empirical Analysis of Vendor Response to Vulnerability Disclosure Ashish Arora, Ramayya Krishnan, Rahul Telang, Yubao Yang Carnegie Mellon University.

1 An Empirical Analysis of Vendor Response to Vulnerability Disclosure Ashish Arora, Ramayya Krishnan, Rahul Telang, Yubao Yang Carnegie Mellon University.
DEEDS Meeting Oct., 26th 2006 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Summary.

DEEDS Meeting Oct., 26th 2006 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Summary.
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA - MINING --T HIRD P RESENTATION Su Zhang 1.

P REDICTING ZERO - DAY SOFTWARE VULNERABILITIES THROUGH DATA - MINING --T HIRD P RESENTATION Su Zhang 1.
1 Security Risk Analysis of Computer Networks: Techniques and Challenges Anoop Singhal Computer Security Division National Institute of Standards and Technology.

1 Security Risk Analysis of Computer Networks: Techniques and Challenges Anoop Singhal Computer Security Division National Institute of Standards and Technology.

Similar presentations

Ads by Google