An Attack Surface Metric
IEEE Transactions on Software Engineering
I dedicate this thesis to my late uncle, who showed me the way, and my parents, who have always supported me in my journey. iv Abstract Measurement of security has been a long standing challenge to the research community. Practical security measurements and metrics are critical to the improvement of software security. Hence the need for security metrics has recently become more pressing. In this thesis, we introduce the measure of a software system's attack surface as an indicator of the
... s security. The larger the attack surface, the more insecure the system. We formalize the notion of a system's attack surface using an I/O automata model of the system and introduce an attack surface metric to measure the attack surface in a systematic manner. Our attack surface measurement method is agnostic to a software system's implementation language and is applicable to systems of all sizes. In this thesis, we measure the attack surfaces of software implemented in C and Java. We also demonstrate that the method scales to enterprise-scale software by measuring the attack surfaces of complex SAP business applications. Validation of security metrics is challenging and is a relatively unexplored territory. In this thesis, we conduct three exploratory empirical studies to validate our measurement method and measurements results: an expert user survey, a statistical analysis of Microsoft Security Bulletins, and an analysis of security vulnerability patches of popular open source software. Both software developers and software consumers can use the attack surface metric. We demonstrate the use of the metric in software consumers' decision making process by comparing the attack surface measurements of two IMAP servers and two FTP daemons. Our collaboration with SAP demonstrates the use of the metric in the software development process. vi Acknowledgments I am indebted to my advisor, Jeannette M. Wing, for her guidance, encouragement, and support throughout the Ph.D. program. She taught me rigorous research, precise writing, and effective presentation skills. It has been a privilege to grow under her guidance, both as a researcher and as a person. I am forever grateful to her for the enormous amount of time she spent working with me.