Modeling and Reducing the Attack Surface in Software Systems
| Title | Modeling and Reducing the Attack Surface in Software Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Yee, George O.M. |
| Conference Name | 2019 IEEE/ACM 11th International Workshop on Modelling in Software Engineering (MiSE) |
| Date Published | May 2019 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-2231-1 |
| Keywords | attack surface, Computational modeling, Credit cards, Data, Data models, graph theory, graphical model, Location, Metrics, Organizations, pubcrawl, reduction, resilience, Resiliency, Scalability, security, security of data, security vulnerabilities, sensitive, Software, software system, Software systems, system |
| Abstract | In today's world, software is ubiquitous and relied upon to perform many important and critical functions. Unfortunately, software is riddled with security vulnerabilities that invite exploitation. Attackers are particularly attracted to software systems that hold sensitive data with the goal of compromising the data. For such systems, this paper proposes a modeling method applied at design time to identify and reduce the attack surface, which arises due to the locations containing sensitive data within the software system and the accessibility of those locations to attackers. The method reduces the attack surface by changing the design so that the number of such locations is reduced. The method performs these changes on a graphical model of the software system. The changes are then considered for application to the design of the actual system to improve its security. |
| URL | https://ieeexplore.ieee.org/document/8877090 |
| DOI | 10.1109/MiSE.2019.00016 |
| Citation Key | yee_modeling_2019 |