Supply-Chain Risk Management: Incorporating Security into Software Development

Robert J. Ellison, Carol Woody
2010 2010 43rd Hawaii International Conference on System Sciences  
Software supply-chain risks include third-party tampering with a product during development or delivery, and, more likely, a compromise of the software assurance through the introduction of software defects  ...  The practices improve the likelihood of predictable behavior by systematically analyzing data flows to identify assumptions and using knowledge of attack patterns and vulnerabilities to analyze behavior  ...  An attack surface helps to focus the analysis on the code that has to be trusted. A reduced attack surface also reduces the code that has to be evaluated for threats and vulnerabilities.  ... 
doi:10.1109/hicss.2010.355 dblp:conf/hicss/EllisonW10 fatcat:2log5y7v3reqzpcd4zywjzboby

Mitigation of Threats using Secure SDLC

Ekta Bhardwaj, Devendra Kumar
2015 IJARCCE  
Software design phase in such a way that additional cost and time are not required for system analyzing and defining threat scenario.  ...  In this purpose, we use the Secure SDLC. In this paper, we describe how to apply the secure SDLC.  ...  Attack Surface Analysis/Reduction: Reducing the opportunities for attacker to exploit a potential weak spot or vulnerabilities requires thoroughly analyzing overall attack surface and includes disabling  ... 
doi:10.17148/ijarcce.2015.44117 fatcat:jkjucfz5tfbgrptxyunuwvpvjm

An Attack Surface Metric

Pratyusa K. Manadhata, Jeannette M. Wing
2011 IEEE Transactions on Software Engineering  
We formalize the notion of a system's attack surface using an I/O automata model of the system and introduce an attack surface metric to measure the attack surface in a systematic manner.  ...  In this thesis, we measure the attack surfaces of software implemented in C and Java.  ...  The software developers can use the detailed output as a guide in reducing the attack surfaces of their software.  ... 
doi:10.1109/tse.2010.60 fatcat:zfajonlnbfaplfopkptyivrk4q

Using Software Structure to Predict Vulnerability Exploitation Potential

Awad A. Younis, Yashwant K. Malaiya
2014 2014 IEEE Eighth International Conference on Software Security and Reliability-Companion  
Most of the attacks on computer systems are due to the presence of vulnerabilities in software. Recent trends show that number of newly discovered vulnerabilities still continue to be significant.  ...  Then, we introduce a novel vulnerability exploitability metric based on software structure properties viz.: attack entry points, vulnerability location, presence of dangerous system calls, and reachability  ...  Define attack entry points of software We define the attack entry points using the system's attack surface entry point framework in is [9].  ... 
doi:10.1109/sere-c.2014.17 dblp:conf/ssiri/YounisM14 fatcat:4xf2g3e26jfffmodz7httr44eu

Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance

Sumit Goswami, Nabanita Krishnan, Mukesh Verma, Saurabh Saurabh Swarnkar, Pallavi Mahajan
2012 Defence Science Journal  
The attack surface of a system is the amount of application area that is exposed to the adversaries. The overall vulnerability can be reduced by reducing the attack surface of a web application.  ...  It was observed that the attack surface of the software reduced by 45 per cent once it was made OWASP compliant.  ...  ATTACK SURFACE AND SYSTEM RESOURCES The term attack surface refers to the amount of code, functionality and interfaces of a system exposed to attackers.  ... 
doi:10.14429/dsj.62.1291 fatcat:vknumtcz45bn5fikawvg6smflq

Report: Measuring the Attack Surfaces of Enterprise Software [chapter]

Pratyusa K. Manadhata, Yuecel Karabulut, Jeannette M. Wing
2009 Lecture Notes in Computer Science  
Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach.  ...  We demonstrate the feasibility of our approach by measuring the attack surfaces of three versions of an SAP software system.  ...  Software developers can use the detailed output as a guide in reducing the attack surfaces of their software.  ... 
doi:10.1007/978-3-642-00199-4_8 fatcat:io7mm6llm5g5hgi7j2biqxp74q

Dynamic defenses in cyber security: techniques, methods and challenges

Yu Zheng, Zheng Li, Xiaolong Xu, Qingzhan Zhao
2021 Digital Communications and Networks  
Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space.  ...  By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing  ...  At any time, the attack surface of the system is determined by the attack surface parameter set and the specific value of each parameter in the set.  ... 
doi:10.1016/j.dcan.2021.07.006 fatcat:riqd5cn5wvgofmguotmqp2kkwe

Attack Surface Metrics and Privilege-based Reduction Strategies for Cyber-Physical Systems [article]

Ali Tamimi, Ozgur Oksuz, Jinyoung Lee, Adam Hahn
2018 arXiv pre-print
Cybersecurity risks are often managed by reducing the system's attack surface, which includes minimizing the number of interconnections, privileges, and impacts of an attack.  ...  This paper introduces attack surface analysis metrics and algorithms to evaluate the attack surface of a CPS.  ...  MODEL FOR CPS ATTACK SURFACE In this section, we introduce a system model and then define attack surface metrics that incorporate both the cyber and physical system properties.  ... 
arXiv:1806.06168v1 fatcat:3u4t6xmhrvdoxpie3sbcgv2lgy

Essential Activities for Secure Software Development

Mamdouh Alenezi, Sadiq Almuairf
2020 Zenodo  
Millions of resources are held in various software worldwide, cyber-attack criminals have made a career in breaching software security for selfish gains, thus necessitating the development and establishment  ...  Diverse types of software are used in almost all sectors of businesses in the modern world.  ...  With the application of secure software system principles, system requirements are established well, the design is made with focus to reducing the attack surface and the system is implemented in a manner  ... 
doi:10.5281/zenodo.3742908 fatcat:tezbjio4ufgrffgmj4fglzcxki

D3.2 Security, Safety and Validation Support Definition

Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
2019 Zenodo  
This deliverable describes the definition of the UNICORE security and safety primitives, which allow UNICORE applications to minimize the attack and failure surface in production.  ...  This is done both proactively (using software verification techniques) and reactively (using software hardening techniques).  ...  UNICORE and Software Validation In UNICORE we target the Unikraft unikernel for software validation. Its reduced code (and attack surface) make it an ideal target for validation.  ... 
doi:10.5281/zenodo.3518279 fatcat:wdiiucvwtzfojlo6oc3lpn2jhy

Taking Control of SDN-based Cloud Systems via the Data Plane

Kashyap Thimmaraju, Bhargava Shastry, Tobias Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, Stefan Schmid
2018 Proceedings of the Symposium on SDN Research - SOSR '18  
Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and "software-defined" manner.  ...  In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional  ...  Finally, we thank Jan Nordholz, Julian Vetter and Robert Buhren for their valuable discussions on the software countermeasures.  ... 
doi:10.1145/3185467.3185468 dblp:conf/sosr/ThimmarajuSFHSF18 fatcat:jpufmasaprhydjxrrxgynlz6ra

Approximating Attack Surfaces with Stack Traces

Christopher Theisen, Kim Herzig, Patrick Morrison, Brendan Murphy, Laurie Williams
2015 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering  
The goal of this research is to aid software engineers in prioritizing security efforts by approximating the attack surface of a system via stack trace analysis.  ...  In a trial on Windows 8, the attack surface approximation selected 48.4% of the binaries and contained 94.6% of known vulnerabilities.  ...  ACKNOWLEDGEMENTS This work was completed as part of a summer internship at Microsoft Research Cambridge UK in the summer of 2014.  ... 
doi:10.1109/icse.2015.148 dblp:conf/icse/TheisenHMMW15 fatcat:i7q4jlvfmnf2nhhhrdqa4fuivy

Risk-based attack surface approximation

Christopher Theisen, Laurie Williams
2016 Proceedings of the Symposium and Bootcamp on the Science of Security - HotSos '16  
Approach: We propose Risk-Based Attack Surface Approximation (RASA), an approach to determine the attack surface of software systems by using crash dump stack traces and the code that appears on them as  ...  We developed a set of attack surface related metrics based on the concepts of a software system changing over time, code complexity, and entry and exit points.  ...  While many approaches exist for approximating or reducing the attack surface of software systems, the generation of a complete attack surface for large software systems remains an open question.  ... 
doi:10.1145/2898375.2898388 dblp:conf/hotsos/TheisenW16 fatcat:oqksjtn4svfbpneizmaup3equ4

Moving target defense: state of the art and characteristics

Gui-lin Cai, Bao-sheng Wang, Wei Hu, Tian-zuo Wang
2016 Frontiers of Information Technology & Electronic Engineering  
First, a new security model is introduced to describe the changes in the traditional defense paradigm and security model caused by the introduction of MTD.  ...  Moving target defense (MTD) has emerged as one of the game-changing themes to alter the asymmetric situation between attacks and defenses in cyber-security.  ...  In this sense, it seems that the attack surface of the protected program is reduced. In the two approaches, there is only attack surface reduction but no attack surface shifting.  ... 
doi:10.1631/fitee.1601321 fatcat:a237eemsfjhsxjrar3fmwbmceu

Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation

Aarón Echeverría, Cristhian Cevallos, Ivan Ortiz-Garces, Roberto O. Andrade
2021 Applied Sciences  
Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution.  ...  Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface.  ...  Acknowledgments: The authors acknowledge to Universidad de Las Américas of Ecuador and his Engineer degree in Information Technology.  ... 
doi:10.3390/app11073260 fatcat:u3ryo5wonbbhjia7lbpimxkl3m