Visible to the public Reusing Stack Traces: Automated Attack Surface Approximation

TitleReusing Stack Traces: Automated Attack Surface Approximation
Publication TypeConference Paper
Year of Publication2016
AuthorsTheisen, Christopher
Conference NameProceedings of the 38th International Conference on Software Engineering Companion
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4205-6
Keywordsattack surface, Big Data, big data security, big data security metrics, crashes, Metrics, pubcrawl, security, security metrics, Stack traces
Abstract

Security requirements around software systems have become more stringent as society becomes more interconnected via the Internet. New ways of prioritizing security efforts are needed so security professionals can use their time effectively to find security vulnerabilities or prevent them from occurring in the first place. The goal of this work is to help software development teams prioritize security efforts by approximating the attack surface of a software system via stack trace analysis. Automated attack surface approximation is a technique that uses crash dump stack traces to predict what code may contain exploitable vulnerabilities. If a code entity (a binary, file or function) appears on stack traces, then Attack Surface Approximation (ASA) considers that code entity is on the attack surface of the software system. We also explore whether number of appearances of code on stack traces correlates with where security vulnerabilities are found. To date, feasibility studies of ASA have been performed on Windows 8 and 8.1, and Mozilla Firefox. The results from these studies indicate that ASA may be useful for practitioners trying to secure their software systems. We are now working towards establishing the ground truth of what the attack surface of software systems is, along with looking at how ASA could change over time, among other metrics.

URLhttp://doi.acm.org/10.1145/2889160.2889263
DOI10.1145/2889160.2889263
Citation Keytheisen_reusing_2016