Report: Measuring the Attack Surfaces of Enterprise Software

13 years 11 months ago

Download www.cs.cmu.edu

Abstract. Software vendors are increasingly concerned about mitigating the security risk of their software. Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach. In this paper, we apply a method for measuring attack surfaces to enterprise software written in Java. We implement a tool as an Eclipse plugin to measure an SAP software system’s attack surface in an automated manner. We demonstrate the feasibility of our approach by measuring the attack surfaces of three versions of an SAP software system. We envision our measurement method and tool to be useful to software developers for improving software security and quality.

Pratyusa K. Manadhata, Yücel Karabulut, Jeann

Real-time Traffic

Attack Surfaces | ESSOS 2009 | SAP Software System | Software | Software Engineering |

claim paper

» Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems

» Modeling bug report quality

» Measuring the Effectiveness of Honeypot CounterCounterdeception

» The effectiveness of source code obfuscation An experimental assessment

» TeslaTouch electrovibration for touch surfaces

» Documentum ECI selfrepairing wrappers performance analysis

» Dynamic prioritization of database queries

» POLUS A POwerful Live Updating System

Post Info
More Details (n/a)

Added	19 May 2010
Updated	19 May 2010
Type	Conference
Year	2009
Where	ESSOS
Authors	Pratyusa K. Manadhata, Yücel Karabulut, Jeannette M. Wing

Comments (0)

Sciweavers

Report: Measuring the Attack Surfaces of Enterprise Software

Attack Surfaces | ESSOS 2009 | SAP Software System | Software | Software Engineering |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers