Supply-Chain Risk Management: Incorporating Security into Software Development
2010
2010 43rd Hawaii International Conference on System Sciences
Software supply-chain risks include third-party tampering with a product during development or delivery, and, more likely, a compromise of the software assurance through the introduction of software defects ...
The practices improve the likelihood of predictable behavior by systematically analyzing data flows to identify assumptions and using knowledge of attack patterns and vulnerabilities to analyze behavior ...
An attack surface helps to focus the analysis on the code that has to be trusted. A reduced attack surface also reduces the code that has to be evaluated for threats and vulnerabilities. ...
doi:10.1109/hicss.2010.355
dblp:conf/hicss/EllisonW10
fatcat:2log5y7v3reqzpcd4zywjzboby
Mitigation of Threats using Secure SDLC
2015
IJARCCE
Software design phase in such a way that additional cost and time are not required for system analyzing and defining threat scenario. ...
In this purpose, we use the Secure SDLC. In this paper, we describe how to apply the secure SDLC. ...
Attack Surface Analysis/Reduction: Reducing the opportunities for attacker to exploit a potential weak spot or vulnerabilities requires thoroughly analyzing overall attack surface and includes disabling ...
doi:10.17148/ijarcce.2015.44117
fatcat:jkjucfz5tfbgrptxyunuwvpvjm
An Attack Surface Metric
2011
IEEE Transactions on Software Engineering
We formalize the notion of a system's attack surface using an I/O automata model of the system and introduce an attack surface metric to measure the attack surface in a systematic manner. ...
In this thesis, we measure the attack surfaces of software implemented in C and Java. ...
The software developers can use the detailed output as a guide in reducing the attack surfaces of their software. ...
doi:10.1109/tse.2010.60
fatcat:zfajonlnbfaplfopkptyivrk4q
Using Software Structure to Predict Vulnerability Exploitation Potential
2014
2014 IEEE Eighth International Conference on Software Security and Reliability-Companion
Most of the attacks on computer systems are due to the presence of vulnerabilities in software. Recent trends show that number of newly discovered vulnerabilities still continue to be significant. ...
Then, we introduce a novel vulnerability exploitability metric based on software structure properties viz.: attack entry points, vulnerability location, presence of dangerous system calls, and reachability ...
Define attack entry points of software: We define the attack entry points using the system's attack surface entry point framework in [9]. ...
doi:10.1109/sere-c.2014.17
dblp:conf/ssiri/YounisM14
fatcat:4xf2g3e26jfffmodz7httr44eu
Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance
2012
Defence Science Journal
The attack surface of a system is the amount of application area that is exposed to the adversaries. The overall vulnerability can be reduced by reducing the attack surface of a web application. ...
It was observed that the attack surface of the software reduced by 45 per cent once it was made OWASP compliant. ...
ATTACK SURFACE AND SYSTEM RESOURCES The term attack surface refers to the amount of code, functionality and interfaces of a system exposed to attackers. ...
doi:10.14429/dsj.62.1291
fatcat:vknumtcz45bn5fikawvg6smflq
Report: Measuring the Attack Surfaces of Enterprise Software
[chapter]
2009
Lecture Notes in Computer Science
Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach. ...
We demonstrate the feasibility of our approach by measuring the attack surfaces of three versions of an SAP software system. ...
Software developers can use the detailed output as a guide in reducing the attack surfaces of their software. ...
doi:10.1007/978-3-642-00199-4_8
fatcat:io7mm6llm5g5hgi7j2biqxp74q
Dynamic defenses in cyber security: techniques, methods and challenges
2021
Digital Communications and Networks
Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. ...
By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing ...
At any time, the attack surface of the system is determined by the attack surface parameter set and the specific value of each parameter in the set. ...
doi:10.1016/j.dcan.2021.07.006
fatcat:riqd5cn5wvgofmguotmqp2kkwe
Attack Surface Metrics and Privilege-based Reduction Strategies for Cyber-Physical Systems
[article]
2018
arXiv
pre-print
Cybersecurity risks are often managed by reducing the system's attack surface, which includes minimizing the number of interconnections, privileges, and impacts of an attack. ...
This paper introduces attack surface analysis metrics and algorithms to evaluate the attack surface of a CPS. ...
MODEL FOR CPS ATTACK SURFACE In this section, we introduce a system model and then define attack surface metrics that incorporate both the cyber and physical system properties. ...
arXiv:1806.06168v1
fatcat:3u4t6xmhrvdoxpie3sbcgv2lgy
Essential Activities for Secure Software Development
2020
Zenodo
Millions of resources are held in various software worldwide, cyber-attack criminals have made a career in breaching software security for selfish gains, thus necessitating the development and establishment ...
Diverse types of software are used in almost all sectors of businesses in the modern world. ...
With the application of secure software system principles, system requirements are established well, the design is made with focus to reducing the attack surface and the system is implemented in a manner ...
doi:10.5281/zenodo.3742908
fatcat:tezbjio4ufgrffgmj4fglzcxki
D3.2 Security, Safety and Validation Support Definition
2019
Zenodo
This deliverable describes the definition of the UNICORE security and safety primitives, which allow UNICORE applications to minimize the attack and failure surface in production. ...
This is done both proactively (using software verification techniques) and reactively (using software hardening techniques). ...
UNICORE and Software Validation In UNICORE we target the Unikraft unikernel for software validation. Its reduced code (and attack surface) make it an ideal target for validation. ...
doi:10.5281/zenodo.3518279
fatcat:wdiiucvwtzfojlo6oc3lpn2jhy
Taking Control of SDN-based Cloud Systems via the Data Plane
2018
Proceedings of the Symposium on SDN Research - SOSR '18
Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and "software-defined" manner. ...
In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional ...
Finally, we thank Jan Nordholz, Julian Vetter and Robert Buhren for their valuable discussions on the software countermeasures. ...
doi:10.1145/3185467.3185468
dblp:conf/sosr/ThimmarajuSFHSF18
fatcat:jpufmasaprhydjxrrxgynlz6ra
Approximating Attack Surfaces with Stack Traces
2015
2015 IEEE/ACM 37th IEEE International Conference on Software Engineering
The goal of this research is to aid software engineers in prioritizing security efforts by approximating the attack surface of a system via stack trace analysis. ...
In a trial on Windows 8, the attack surface approximation selected 48.4% of the binaries and contained 94.6% of known vulnerabilities. ...
ACKNOWLEDGEMENTS This work was completed as part of a summer internship at Microsoft Research Cambridge UK in the summer of 2014. ...
doi:10.1109/icse.2015.148
dblp:conf/icse/TheisenHMMW15
fatcat:i7q4jlvfmnf2nhhhrdqa4fuivy
Risk-based attack surface approximation
2016
Proceedings of the Symposium and Bootcamp on the Science of Security - HotSos '16
Approach: We propose Risk-Based Attack Surface Approximation (RASA), an approach to determine the attack surface of software systems by using crash dump stack traces and the code that appears on them as ...
We developed a set of attack surface related metrics based on the concepts of a software system changing over time, code complexity, and entry and exit points. ...
While many approaches exist for approximating or reducing the attack surface of software systems, the generation of a complete attack surface for large software systems remains an open question. ...
doi:10.1145/2898375.2898388
dblp:conf/hotsos/TheisenW16
fatcat:oqksjtn4svfbpneizmaup3equ4
Moving target defense: state of the art and characteristics
2016
Frontiers of Information Technology & Electronic Engineering
First, a new security model is introduced to describe the changes in the traditional defense paradigm and security model caused by the introduction of MTD. ...
Moving target defense (MTD) has emerged as one of the game-changing themes to alter the asymmetric situation between attacks and defenses in cyber-security. ...
In this sense, it seems that the attack surface of the protected program is reduced. In the two approaches, there is only attack surface reduction but no attack surface shifting. ...
doi:10.1631/fitee.1601321
fatcat:a237eemsfjhsxjrar3fmwbmceu
Cybersecurity Model Based on Hardening for Secure Internet of Things Implementation
2021
Applied Sciences
Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution. ...
Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface. ...
Acknowledgments: The authors acknowledge to Universidad de Las Américas of Ecuador and his Engineer degree in Information Technology. ...
doi:10.3390/app11073260
fatcat:u3ryo5wonbbhjia7lbpimxkl3m