In today's world, software is ubiquitous and relied upon to perform many important and critical functions. Unfortunately, software is riddled with security vulnerabilities that invite exploitation. Attackers are particularly attracted to software systems that hold sensitive data with the goal of compromising the data. For such systems, this paper proposes a modeling method applied at design time to identify and reduce the attack surface, which arises due to the locations containing sensitive data within the software system and the accessibility of those locations to attackers. The method reduces the attack surface by changing the design so that the number of such locations is reduced. The method performs these changes on a graphical model of the software system. The changes are then considered for application to the design of the actual system to improve its security.

Additional Metadata
Keywords Attack surface, Data, Location, Reduction, Sensitive, Software, System
Persistent URL
Conference 11th IEEE/ACM International Workshop on Modelling in Software Engineering, MiSE 2019
Yee, G.O.M. (2019). Modeling and reducing the attack surface in software systems. In Proceedings - 2019 IEEE/ACM 11th International Workshop on Modelling in Software Engineering, MiSE 2019 (pp. 55–62). doi:10.1109/MiSE.2019.00016