TY - GEN
T1 - Designing for attack surfaces
T2 - 5th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2015
AU - Jaeger, Trent
AU - Ge, Xinyang
AU - Muthukumaran, Divya
AU - Rueda, Sandra
AU - Schiffman, Joshua
AU - Vijayakumar, Hayawardh
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - It is no surprise to say that attackers have the upper hand on security practitioners today when it comes to host security. There are several causes for this problem ranging from unsafe programming languages to the complexity of modern systems at large, but fundamentally, all of the parties involved in constructing and deploying systems lack a methodology for reasoning about the security impact of their design decisions. Previous position papers have focused on identifying particular parties as being “enemies” of security (e.g., users and application developers), and proposed removing their ability to make security-relevant decisions. In this position paper, we take this approach a step further by “keeping the enemies closer,” whereby the security ramifications of design and deployment decisions of all parties must be evaluated to determine if they violate security requirements or are inconsistent with other parties’ assumptions. We propose a methodology whereby application developers, OS distributors, and system administrators propose, evaluate, repair, and test their artifacts to provide a defensible attack surface, the set of entry points available to an attacker. We propose the use of a hierarchical state machine (HSM) model as a foundation for automatically evaluating attack surfaces for programs, OS access control policies, and network policies. We examine how the methodology tasks can be expressed as problems in the HSM model for each artifact, motivating the possibility of a comprehensive, coherent, and mostly-automated methodology for deploying systems to manage accessibility to attackers.
UR - http://www.scopus.com/inward/record.url?scp=84950335949&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84950335949&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-24126-5_4
DO - 10.1007/978-3-319-24126-5_4
M3 - Conference contribution
AN - SCOPUS:84950335949
SN - 9783319241258
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 55
EP - 74
BT - Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings
A2 - Chakraborty, Rajat Subhra
A2 - Schwabe, Peter
A2 - Solworth, Jon
PB - Springer Verlag
Y2 - 3 October 2015 through 7 October 2015
ER -