Abstract
We propose a metric for determining whether one version of a system is more secure than another with respcct to a fixed set of dimensions. Rather than count bugs at the code level or count vulnerability reports at the system level, we count a system's attack opportunities. We use this count as an indication of the system's “attackability,” likelihood that it will be successfully attacked. We describe a system's attack surface along three abstract dimensions: targets and enablers, channels and protocols, and access rights. Intuitively, the more exposed the system's surface, the more attack opportunities, and hence the more likely it will be a target of attack. Thus, one way to improve system security is to reduce its attack surface.
To validate our ideas, we recast Microsoft Security Bulletin MS02-005 using our terminology, and we show how Howard's Relative Attack Surface Quotient for Windows is an instance of our general metric.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Andy Chou, Junfeng Yang, Benjamin Chelf, Seth Hallen, and Dawson Engler (2001). An empirical study of operating systems errors. In ACM Symposium on Operating Systems Principles, pages 73–88, October.
J. Gray (1990). A census of tandem system availability between 1985 and 1990. IEEE Transactions on Software Engineering, 39(4), October.
I. Lee and R. Iyer (1993). Faults, symptoms, and software fault tolerance in the tandem GUARDIAN operating system. In Proceedings of the International Symposium on Fault-Tolerant Computing.
M. Sullivan and R. Chillarge (1991). Software defects and their impact on system 118 availability. In Proceedings of the International Symposium on Fault-Tolerant Computing, June.
Security Focus. http://www.securityfocus.com/vulns/stats.shtml.
CERT. CERT/CC Advisories. http://www.cert.org/advisories/.
MITRE. Common Vulnerabilities and Exposures. http://www.cve.mitre.org/.
Microsoft TechNet (2001). Microsoft Internet Information Server 4.0 Security Checklist, July. http://www.microsoft.com/technet/security/tools/chklist/iischk.asp.
Microsoft TechNet (2000). Secure Internet Informations Services 5 Checklist, June. http://www.microsoft.com/technet/security/tools/chklist/iis5chk.asp.
Microsoft TechNet (2001). Microsoft Security Bulletin MS01033, June. http://www.microsoft.com/technet/security/bulletin/MS-01-033.asp.
Butler Lampson (1974). Protection. Operating Systems Review, 8(1): pages 18–24, January.
Information Week (2001). Windows 2000 Security Represents a Quantum Leap, April. http://www.informationweek.com/834/winsec.htm.
Michael Howard (2003). Fending OR Future Attacks by Reducing the Attack Surface, February. http://msdn.microsoft.com/library/default.asp? url=/library/en-us/dncode/html/secure02132003.asp.
Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber (1992). Authentication in distributed systems: Theory and practice. ACM TOCS, 10(4):265–310, Novembe.
Microsoft Security Response Center. Security Bulletins. http://www.microsoft.com/technet/treeview/?url=/technet/security/current.asp?frame=true
Fred B. Schneider (1991). Trust in Cyberspace. National Academy Press, CSTB study edited by Schneider.
Shawn Butler (2003). Security Attribute and Evaluation Method. PhD thesis, Carnegie Mellon University, Pittsburgh, PA.
Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack (2002). Timing the application of security patches for optimal uptime. In 2002 LISA XVI, pages 101–110, November.
Hilary Browne, John McHugh, William Arbaugh, and William Fithen (2001). A trend analysis of exploitations. In IEEE Symposium on Security and Privacy, May. CS-TR-4200, UMIACS-TR-2000-76.
Jon Pincus and Jeannette M. Wing (2003). A Template for Microsoft Security Bulletins in Terms of an Attack Surface Model. Technical report, Microsoft Research, in progress.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer Science+Business Media, Inc.
About this chapter
Cite this chapter
Howard, M., Pincus, J., Wing, J.M. (2005). Measuring Relative Attack Surfaces. In: Lee, D.T., Shieh, S.P., Tygar, J.D. (eds) Computer Security in the 21st Century. Springer, Boston, MA. https://doi.org/10.1007/0-387-24006-3_8
Download citation
DOI: https://doi.org/10.1007/0-387-24006-3_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24005-3
Online ISBN: 978-0-387-24006-0
eBook Packages: Computer ScienceComputer Science (R0)