In today's world, software is ubiquitous and relied upon to perform many important and critical functions. Unfortunately, software is riddled with security vulnerabilities that invite exploitation. Attackers are particularly attracted to software systems that hold sensitive data with the goal of compromising the data. For such systems, this paper proposes a modeling method applied at design time to identify and reduce the attack surface, which arises due to the locations containing sensitive data within the software system and the accessibility of those locations to attackers. The method reduces the attack surface by changing the design so that the number of such locations is reduced. The method performs these changes on a graphical model of the software system. The changes are then considered for application to the design of the actual system to improve its security.

Attack surface, Data, Location, Reduction, Sensitive, Software, System
dx.doi.org/10.1109/MiSE.2019.00016
11th IEEE/ACM International Workshop on Modelling in Software Engineering, MiSE 2019
Department of Systems and Computer Engineering

Yee, G.O.M. (2019). Modeling and reducing the attack surface in software systems. In Proceedings - 2019 IEEE/ACM 11th International Workshop on Modelling in Software Engineering, MiSE 2019 (pp. 55–62). doi:10.1109/MiSE.2019.00016