Attack Surface and Defense-in-Depth Metrics - July 2014
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Andy Meneely, Laurie Williams
Researchers: Kevin Campusano Gonzalez
HARD PROBLEM(S) ADDRESSED
- Security Metrics and Models - The project is to develop and analyze metrics that quantify the "shape" of a system's attack surface
- Scalability & Composability - The project delves uses call graph data beyond the attack surface to determine the risk of a given entry point
- Resilient Architectures - The project can be used to analyze large systems in terms of their inputs and outputs, providing information on the architecture of the system
PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.
None.
ACCOMPLISHMENT HIGHLIGHTS
While work has just begun, we have been making regular progress on building up our tool set and identifying open source case studies.
Groups: