Abstract: We propose a metric to determine whether one version of a system is relatively more secure than
another with respect to the system's attack surface. Intuitively, the more exposed the attack surface,
the more likely the system could be successfully attacked, and hence the more insecure it is. We
define an attack surface in terms of the system's actions that are externally visible to its users
and the system's resources that each action accesses or modifies. To apply our metric in practice,...
Cited by:
An Attack Surface Metric - Pratyusa Manadhata And (2005)
Measuring the Attack Surfaces of Two FTP Daemons - Pratyusa Manadhata Jeannette
Automatic Discovery of API-Level Vulnerabilities - Sanjit
Active bibliography (related documents):
2.1: Measuring a System's Attack Surface - Pratyusa Manadhata Pratyus (2004)
0.1: MOPS: an Infrastructure for Examining Security Properties of.. - Chen, Wagner (2002)
0.1: Type Qualifiers: Lightweight Specifications to Improve Software.. - Foster (2002)
Related documents from co-citation:
4: Measuring Relative Attack Surfaces - Howard, Pincus et al. - 2003
3: Future Attacks by Reducing Attack Surface (context) - Howard
2: Security Attribute Evaluation Method: A Cost Benefit Approach (context) - Shawn - 2002
BibTeX entry:
P. Manadhata and J. M. Wing. Measuring a system's attack surface. Technical Report CMU-CS-04-102, Computer Science Department, Carnegie Mellon University, January 2004. http://citeseer.ist.psu.edu/article/manadhata04measuring.html
@misc{ manadhata04measuring,
author = "P. Manadhata and J. Wing",
title = "Measuring a system's attack surface",
text = "P. Manadhata and J. M. Wing. Measuring a system's attack surface. Technical
Report CMU-CS-04-102, Computer Science Department, Carnegie Mellon University,
January 2004.",
year = "2004",
url = "citeseer.ist.psu.edu/article/manadhata04measuring.html" }
Citations (may not include all citations):
145: ACM Transactions on Programming Languages and Systems (context) - Liskov, Wing et al. - 1994
105: State Transition Analysis: A Rule-Based Intrusion Detection .. - Ilgun, Kemmerer et al. - 1995
100: Checking System Rules Using System-Specific (context) - Engler, Chelf et al. - 2000
67: Bugs as Deviant Behavior: A General Approach to Inferring Er.. - Engler, Chen et al. - 2001
45: ACM Transactions on Information and System Security (context) - Schneider, Policies - 2000
32: STATL: An Attack Language for State-based Intrusion Detectio.. - Eckmann, Vigna et al. - 2002
31: A First Step Towards Automated Detection of Buffer Overrun Vu.. (context) - Wagner, rey et al. - 2000
29: ACM Operating Systems Review (context) - Lampson - 1974
19: Experimenting with Quantitative Evaluation Tools for Monitor.. - Ortalo, Deswarte et al. - 1999
16: Towards Operational Measures of Computer Security - Littlewood, Brocklehurst et al. - 1993
14: Timing the Application of Security Patches for Optimal Uptim.. - Beattie, Arnold et al. - 2002
14: On Measurement of Operational Security - Brocklehurst, Littlewood et al. - 1994
12: Privilege Graph: An extension to the Typed Access Matrix Mod.. (context) - Dacier, Deswarte - 1994
10: Defining an Adaptive Software Security Metric from a Dynamic.. (context) - Voas, Ghosh et al. - 1996
7: Using CQUAL for Static Analysis of Authorization Hook Placem.. (context) - Zhang, Edwards et al. - 2002
6: Measuring Relative Attack Surfaces - Howard, Pincus et al. - 2003
4: Future Attacks by Reducing Attack Surface (context) - Howard
4: Assessing Computer Security Vulnerability (context) - Alves-Foss, Barbosa - 1995
2: Workshop on Foundations of Computer Security (context) - Bauer, Ligatti et al. - 2002
2: IEEE Symposium on Security and Privacy (context) - Browne, McHugh et al. - 2001
http://www.securityfocus.com/archive/1
Documents on the same site (http://www.cs.cmu.edu/afs/cs/usr/wing/www/publications/index.html):
Unintrusive Ways to Integrate Formal Specifications in Practice - Wing, Zaremski (1991)
A Library of Concurrent Objects and Their Proofs of Correctness - Chun Gong And (1990)
A Nitpick Analysis of Mobile IPv6 - Jackson, Ng, Wing (1999)
CiteSeer.IST - Copyright Penn State and NEC