a formal strongmodelstrong for a strongsystemsstrong attack surface - hpl.hp.com.pdf

A Formal Model for A Systems Attack Surface Pratyusa K. Manadhata, Jeannette M. Wing HP Laboratories HPL-2011-115 Keyword(s): attack surface; attack surface metric; io automata; security metrics; Abstract: Practical software security metrics and measurements are essential for secure software development. In this chapter, we introduce the measure of a software systems attack surface as an indicator of the systems security. The larger the attack surface, the more insecure the system. We formalize the notion of a systems attack surface using an I/O automata model of the system and introduce an attack surface metric to measure the attack surface in a systematic manner. Our metric is agnostic to a software systems implementation language and is applicable to systems of all sizes. Software developers can use the metric in multiple phases of the software development process to improve software security. Similarly, software consumers can use the metric in their decision making process to compare alternative software. External Posting Date: August 6, 2011 [Fulltext] Approved for External Publication Internal Posting Date: August 6, 2011 [Fulltext]  Copyright 2011 Hewlett-Packard Development Company, L.P. A Formal Model for a System’s Attack Surface Pratyusa K. Manadhata and Jeannette M. Wing Abstract Practical software security metrics and measurements are essential for secure software development. In this chapter, we introduce the measure of a software system’s attack surface as an indicator of the system’s security. The larger the attack surface, the more insecure the system. We formalize the notion of a system’s attack surface using an I/O automata model of the system and introduce an attack surface metric to measure the attack surface in a systematic manner. Our metric is agnostic to a software system’s implementation language and is applicable to systems of all sizes. Software developers can