Attack Surface and Defense-in-Depth Metrics - July 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Andy Meneely, Laurie Williams
Researchers: Nuthan Munaiah, Chris Theisen

HARD PROBLEM(S) ADDRESSED

• Security Metrics and Models - The project is to develop and analyze metrics that quantify the "shape" of a system's attack surface
• Scalability & Composability - The project delves uses call graph data beyond the attack surface to determine the risk of a given entry point
• Resilient Architectures - The project can be used to analyze large systems in terms of their inputs and outputs, providing information on the architecture of the system

PUBLICATIONS

• No new publications

ACCOMPLISHMENT HIGHLIGHTS

• We are wrapping up our systematic literature review on how the phrase "attack surface" is used in literature. This systematic literature review provides a unified definition of attack surfaces and will provide future researchers direction in this area.