Attack Surface and Defense-in-Depth Metrics - July 2014

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Andy Meneely, Laurie Williams
Researchers: Kevin Campusano Gonzalez

HARD PROBLEM(S) ADDRESSED

• Security Metrics and Models - The project is to develop and analyze metrics that quantify the "shape" of a system's attack surface
• Scalability & Composability - The project delves uses call graph data beyond the attack surface to determine the risk of a given entry point
• Resilient Architectures - The project can be used to analyze large systems in terms of their inputs and outputs, providing information on the architecture of the system

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

None.

ACCOMPLISHMENT HIGHLIGHTS

While work has just begun, we have been making regular progress on building up our tool set and identifying open source case studies.