Risk-based attack surface approximation: poster

Proceedings of the Symposium and Bootcamp on the Science of Security Pub Date : 2016-04-19 DOI:10.1145/2898375.2898388

Christopher Theisen, L. Williams

{"title":"Risk-based attack surface approximation: poster","authors":"Christopher Theisen, L. Williams","doi":"10.1145/2898375.2898388","DOIUrl":null,"url":null,"abstract":"Proactive security review and test efforts are a necessary component of the software development lifecycle. Since resource limitations often preclude reviewing, testing and fortifying the entire code base, prioritizing what code to review/test can improve a team's ability to find and remove more vulnerabilities that are reachable by an attacker. One way that professionals perform this prioritization is the identification of the attack surface of software systems. However, identifying the attack surface of a software system is non-trivial. The goal of this poster is to present the concept of a risk-based attack surface approximation based on crash dump stack traces for the prioritization of security code rework efforts. For this poster, we will present results from previous efforts in the attack surface approximation space, including studies on its effectiveness in approximating security relevant code for Windows and Firefox. We will also discuss future research directions for attack surface approximation, including discovery of additional metrics from stack traces and determining how many stack traces are required for a good approximation.","PeriodicalId":163427,"journal":{"name":"Proceedings of the Symposium and Bootcamp on the Science of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Symposium and Bootcamp on the Science of Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2898375.2898388","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Proactive security review and test efforts are a necessary component of the software development lifecycle. Since resource limitations often preclude reviewing, testing and fortifying the entire code base, prioritizing what code to review/test can improve a team's ability to find and remove more vulnerabilities that are reachable by an attacker. One way that professionals perform this prioritization is the identification of the attack surface of software systems. However, identifying the attack surface of a software system is non-trivial. The goal of this poster is to present the concept of a risk-based attack surface approximation based on crash dump stack traces for the prioritization of security code rework efforts. For this poster, we will present results from previous efforts in the attack surface approximation space, including studies on its effectiveness in approximating security relevant code for Windows and Firefox. We will also discuss future research directions for attack surface approximation, including discovery of additional metrics from stack traces and determining how many stack traces are required for a good approximation.

查看原文本刊更多论文

基于风险的攻击面近似:海报

主动的安全性审查和测试工作是软件开发生命周期的必要组成部分。由于资源限制常常妨碍审查、测试和加强整个代码库，因此优先考虑审查/测试的代码可以提高团队发现和消除攻击者可以到达的更多漏洞的能力。专业人员执行这种优先级排序的一种方法是识别软件系统的攻击面。然而，识别软件系统的攻击面并非易事。这张海报的目标是介绍基于崩溃转储堆栈跟踪的基于风险的攻击面近似的概念，以确定安全代码返工的优先级。在这张海报中，我们将展示之前在攻击面近似领域的研究成果，包括对其在近似Windows和Firefox安全相关代码方面的有效性的研究。我们还将讨论攻击面逼近的未来研究方向，包括从堆栈跟踪中发现额外的指标，并确定需要多少堆栈跟踪才能实现良好的逼近。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Symposium and Bootcamp on the Science of Security

自引率

0.00%

发文量