Attack Surface Identification and Reduction Model Applied in Scrum

Submitted by grigby1 on Fri, 08/28/2020 - 10:50am

Title	Attack Surface Identification and Reduction Model Applied in Scrum
Publication Type	Conference Paper
Year of Publication	2019
Authors	Yee, George O. M.
Conference Name	2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Date Published	June 2019
Publisher	IEEE
ISBN Number	978-1-7281-0229-0
Keywords	attack surface, attack surface identification, computer security, Data models, Identification, Metrics, pubcrawl, reduction, resilience, Resiliency, Scalability, scrum reduction model, security improvement, security of data, sensitive data, Serum, Software, software engineering, software prototyping, software security vulnerabilities, software system, Software systems, Surface treatment, visual model, visualization
Abstract	Today's software is full of security vulnerabilities that invite attack. Attackers are especially drawn to software systems containing sensitive data. For such systems, this paper presents a modeling approach especially suited for Serum or other forms of agile development to identify and reduce the attack surface. The latter arises due to the locations containing sensitive data within the software system that are reachable by attackers. The approach reduces the attack surface by changing the design so that the number of such locations is reduced. The approach performs these changes on a visual model of the software system. The changes are then considered for application to the actual system to improve its security.
URL	https://ieeexplore.ieee.org/document/8884956
DOI	10.1109/CyberSecPODS.2019.8884956
Citation Key	yee_attack_2019

Groups:

Science of Security VO