Technical Report 1120004

Title: The Shape and Size of Threats: Defining a Networked System's Attack Surface
Version(s): 1 2 3 4 5 6
Obsoleted by published work
Authors: Eric Osterweil
Danny McPherson
Lixia Zhang
Date: 2014-07-11
Abstract: As more complex security services have been added to today's Internet, it becomes increasingly difficult to quantify their vulnerability to compromise. The concept of "attack surface" has emerged in recent years as a measure of such vulnerabilities; however, systematically quantifying the attack surfaces of networked systems remains an open challenge. In this work we propose a methodology to both quantify the attack surface and visually represent semantically different components (or resources) of such systems by identifying their dependencies. To illustrate the efficacy of our methodology, we examine two real Internet standards (the X.509 CA verification system and DANE) as case studies. We believe this work represents a first step towards systemically modeling dependencies of (and interdependencies between) networked systems, and shows the usability benefits from leveraging existing services.
SHA256 fingerprint: 0a8cd4d990567ab3b442b5274190727253606d6df9bf3151883c987256fa41ba
BibTeX:
@TECHREPORT{verisignlabs-tr-1120004-6,
  author = {Eric Osterweil and Danny McPherson and Lixia Zhang},
  title = {The Shape and Size of Threats: Defining a Networked System's Attack Surface},
  booktitle = {Verisign Labs Technical Reports},
  number = {1120004 version 6},
  year = {2014},
}

          
