Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Engineering Secure Software and Systems

ESSoS 2009: Engineering Secure Software and Systems pp 91–100Cite as

Report: Measuring the Attack Surfaces of Enterprise Software

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5429))

Abstract

Software vendors are increasingly concerned about mitigating the security risk of their software. Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach. In this paper, we apply a method for measuring attack surfaces to enterprise software written in Java. We implement a tool as an Eclipse plugin to measure an SAP software system’s attack surface in an automated manner. We demonstrate the feasibility of our approach by measuring the attack surfaces of three versions of an SAP software system. We envision our measurement method and tool to be useful to software developers for improving software security and quality.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Howard, M.: Fending off future attacks by reducing attack surface (2003), http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure02132003.asp

  2. Howard, M., Pincus, J., Wing, J.M.: Measuring relative attack surfaces. In: Proc. of Workshop on Advanced Developments in Software and Systems Security (2003)

    Google Scholar 

  3. Manadhata, P.K., Kaynar, D.K., Wing, J.M.: A formal model for a system’s attack surface. Technical Report CMU-CS-07-144, CMU (July 2007)

    Google Scholar 

  4. Ag, S.: NetWeaver, http://www.sap.com/platform/netweaver/index.epx

  5. Eclipse: Eclipse - An open development platform, http://www.eclipse.org/

  6. Sharp, M., Sawin, J., Rountev, A.: Building a whole-program type analysis in Eclipse. In: Eclipse Technology Exchange Workshop at OOPSLA, pp. 6–10 (2005)

    Google Scholar 

  7. Eclipse: Eclipse package org.eclipse.jdt.internal.corext.callhierarchy, http://mobius.inria.fr/eclipse-doc/org/eclipse/jdt/internal/corext/callhierarchy/package-summary.html

  8. Manadhata, P.K., Tan, K.M., Maxion, R.A., Wing, J.M.: An approach to measuring a system’s attack surface. Technical Report CMU-CS-07-146, CMU (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Carnegie Mellon Univeristy, Pittsburgh, PA, USA

    Pratyusa K. Manadhata & Jeannette M. Wing

  2. SAP Research, Palo Alto, CA, USA

    Yuecel Karabulut

Authors
  1. Pratyusa K. Manadhata
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuecel Karabulut
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jeannette M. Wing
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Trento, Povo (Trento), Italy

    Fabio Massacci

  2. Department of Computer Science, James Madison University, VA 22807, Harrisonburg, USA

    Samuel T. Redwine Jr.

  3. Department of Computer Science, University of Toronto, ON, Canada

    Nicola Zannone

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Manadhata, P.K., Karabulut, Y., Wing, J.M. (2009). Report: Measuring the Attack Surfaces of Enterprise Software. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-00199-4_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00198-7

  • Online ISBN: 978-3-642-00199-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation