Designing for attack surfaces: Keep your friends close, but your enemies closer

Trent Jaeger; Xinyang Ge; Divya Muthukumaran; Sandra Rueda; Joshua Schiffman; Hayawardh Vijayakumar

doi:10.1007/978-3-319-24126-5_4

Designing for attack surfaces: Keep your friends close, but your enemies closer

Trent Jaeger, Xinyang Ge, Divya Muthukumaran, Sandra Rueda, Joshua Schiffman, Hayawardh Vijayakumar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

It is no surprise to say that attackers have the upper hand on security practitioners today when it comes to host security. There are several causes for this problem ranging from unsafe programming languages to the complexity of modern systems at large, but fundamentally, all of the parties involved in constructing and deploying systems lack a methodology for reasoning about the security impact of their design decisions. Previous position papers have focused on identifying particular parties as being “enemies” of security (e. g., users and application developers), and proposed removing their ability to make securityrelevant decisions. In this position paper, we take this approach a step further by “keeping the enemies closer,” whereby the security ramifications of design and deployment decisions of all parties must be evaluated to determine if they violate security requirements or are inconsistent with other party’s assumptions. We propose a methodology whereby application developers, OS distributors, and system administrators propose, evaluate, repair, and test their artifacts to provide a defensible attack surface, the set of entry points available to an attacker. We propose the use of a hierarchical state machine (HSM) model as a foundation for automatically evaluating attack surfaces for programs, OS access control policies, and network policies. We examine how the methodology tasks can be expressed as problems in the HSM model for each artifact, motivating the possibility of a comprehensive, coherent, and mostly-automated methodology for deploying systems to manage accessibility to attackers.

Original language	English (US)
Title of host publication	Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings
Editors	Rajat Subhra Chakraborty, Peter Schwabe, Jon Solworth
Publisher	Springer Verlag
Pages	55-74
Number of pages	20
ISBN (Print)	9783319241258
DOIs	https://doi.org/10.1007/978-3-319-24126-5_4
State	Published - 2015
Event	5th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2015 - Jaipur, India Duration: Oct 3 2015 → Oct 7 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9354
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	5th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2015
Country/Territory	India
City	Jaipur
Period	10/3/15 → 10/7/15

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-24126-5_4

Cite this

Jaeger, T., Ge, X., Muthukumaran, D., Rueda, S., Schiffman, J., & Vijayakumar, H. (2015). Designing for attack surfaces: Keep your friends close, but your enemies closer. In R. S. Chakraborty, P. Schwabe, & J. Solworth (Eds.), Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings (pp. 55-74). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9354). Springer Verlag. https://doi.org/10.1007/978-3-319-24126-5_4

Jaeger, Trent ; Ge, Xinyang ; Muthukumaran, Divya et al. / Designing for attack surfaces : Keep your friends close, but your enemies closer. Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings. editor / Rajat Subhra Chakraborty ; Peter Schwabe ; Jon Solworth. Springer Verlag, 2015. pp. 55-74 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{11152ff4d94e4ce9a8882753d9644778,

title = "Designing for attack surfaces: Keep your friends close, but your enemies closer",

abstract = "It is no surprise to say that attackers have the upper hand on security practitioners today when it comes to host security. There are several causes for this problem ranging from unsafe programming languages to the complexity of modern systems at large, but fundamentally, all of the parties involved in constructing and deploying systems lack a methodology for reasoning about the security impact of their design decisions. Previous position papers have focused on identifying particular parties as being “enemies” of security (e. g., users and application developers), and proposed removing their ability to make securityrelevant decisions. In this position paper, we take this approach a step further by “keeping the enemies closer,” whereby the security ramifications of design and deployment decisions of all parties must be evaluated to determine if they violate security requirements or are inconsistent with other party{\textquoteright}s assumptions. We propose a methodology whereby application developers, OS distributors, and system administrators propose, evaluate, repair, and test their artifacts to provide a defensible attack surface, the set of entry points available to an attacker. We propose the use of a hierarchical state machine (HSM) model as a foundation for automatically evaluating attack surfaces for programs, OS access control policies, and network policies. We examine how the methodology tasks can be expressed as problems in the HSM model for each artifact, motivating the possibility of a comprehensive, coherent, and mostly-automated methodology for deploying systems to manage accessibility to attackers.",

author = "Trent Jaeger and Xinyang Ge and Divya Muthukumaran and Sandra Rueda and Joshua Schiffman and Hayawardh Vijayakumar",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 5th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2015 ; Conference date: 03-10-2015 Through 07-10-2015",

year = "2015",

doi = "10.1007/978-3-319-24126-5_4",

language = "English (US)",

isbn = "9783319241258",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "55--74",

editor = "Chakraborty, {Rajat Subhra} and Peter Schwabe and Jon Solworth",

booktitle = "Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings",

address = "Germany",

}

Jaeger, T, Ge, X, Muthukumaran, D, Rueda, S, Schiffman, J & Vijayakumar, H 2015, Designing for attack surfaces: Keep your friends close, but your enemies closer. in RS Chakraborty, P Schwabe & J Solworth (eds), Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9354, Springer Verlag, pp. 55-74, 5th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2015, Jaipur, India, 10/3/15. https://doi.org/10.1007/978-3-319-24126-5_4

Designing for attack surfaces: Keep your friends close, but your enemies closer. / Jaeger, Trent; Ge, Xinyang; Muthukumaran, Divya et al.
Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings. ed. / Rajat Subhra Chakraborty; Peter Schwabe; Jon Solworth. Springer Verlag, 2015. p. 55-74 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9354).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Designing for attack surfaces

T2 - 5th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2015

AU - Jaeger, Trent

AU - Ge, Xinyang

AU - Muthukumaran, Divya

AU - Rueda, Sandra

AU - Schiffman, Joshua

AU - Vijayakumar, Hayawardh

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - It is no surprise to say that attackers have the upper hand on security practitioners today when it comes to host security. There are several causes for this problem ranging from unsafe programming languages to the complexity of modern systems at large, but fundamentally, all of the parties involved in constructing and deploying systems lack a methodology for reasoning about the security impact of their design decisions. Previous position papers have focused on identifying particular parties as being “enemies” of security (e. g., users and application developers), and proposed removing their ability to make securityrelevant decisions. In this position paper, we take this approach a step further by “keeping the enemies closer,” whereby the security ramifications of design and deployment decisions of all parties must be evaluated to determine if they violate security requirements or are inconsistent with other party’s assumptions. We propose a methodology whereby application developers, OS distributors, and system administrators propose, evaluate, repair, and test their artifacts to provide a defensible attack surface, the set of entry points available to an attacker. We propose the use of a hierarchical state machine (HSM) model as a foundation for automatically evaluating attack surfaces for programs, OS access control policies, and network policies. We examine how the methodology tasks can be expressed as problems in the HSM model for each artifact, motivating the possibility of a comprehensive, coherent, and mostly-automated methodology for deploying systems to manage accessibility to attackers.

AB - It is no surprise to say that attackers have the upper hand on security practitioners today when it comes to host security. There are several causes for this problem ranging from unsafe programming languages to the complexity of modern systems at large, but fundamentally, all of the parties involved in constructing and deploying systems lack a methodology for reasoning about the security impact of their design decisions. Previous position papers have focused on identifying particular parties as being “enemies” of security (e. g., users and application developers), and proposed removing their ability to make securityrelevant decisions. In this position paper, we take this approach a step further by “keeping the enemies closer,” whereby the security ramifications of design and deployment decisions of all parties must be evaluated to determine if they violate security requirements or are inconsistent with other party’s assumptions. We propose a methodology whereby application developers, OS distributors, and system administrators propose, evaluate, repair, and test their artifacts to provide a defensible attack surface, the set of entry points available to an attacker. We propose the use of a hierarchical state machine (HSM) model as a foundation for automatically evaluating attack surfaces for programs, OS access control policies, and network policies. We examine how the methodology tasks can be expressed as problems in the HSM model for each artifact, motivating the possibility of a comprehensive, coherent, and mostly-automated methodology for deploying systems to manage accessibility to attackers.

UR - http://www.scopus.com/inward/record.url?scp=84950335949&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84950335949&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-24126-5_4

DO - 10.1007/978-3-319-24126-5_4

M3 - Conference contribution

AN - SCOPUS:84950335949

SN - 9783319241258

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 55

EP - 74

BT - Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings

A2 - Chakraborty, Rajat Subhra

A2 - Schwabe, Peter

A2 - Solworth, Jon

PB - Springer Verlag

Y2 - 3 October 2015 through 7 October 2015

ER -

Jaeger T, Ge X, Muthukumaran D, Rueda S, Schiffman J, Vijayakumar H. Designing for attack surfaces: Keep your friends close, but your enemies closer. In Chakraborty RS, Schwabe P, Solworth J, editors, Security, Privacy, and Applied Cryptography Engineering - 5th International Conference, SPACE 2015, Proceedings. Springer Verlag. 2015. p. 55-74. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-24126-5_4

Designing for attack surfaces: Keep your friends close, but your enemies closer

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this