Today's software is full of security vulnerabilities that invite attack. Attackers are especially drawn to software systems containing sensitive data. For such systems, this paper presents a modeling approach, especially suited to Scrum or other forms of agile development, to identify and reduce the attack surface. The attack surface arises from the locations within the software system that contain sensitive data and are reachable by attackers. The approach reduces the attack surface by changing the design so that the number of such locations is reduced. The approach performs these changes on a visual model of the software system. The changes are then considered for application to the actual system to improve its security.

Additional Metadata
Keywords Attack surface, Identification, Reduction, Sensitive data, Scrum, Software
Persistent URL dx.doi.org/10.1109/CyberSecPODS.2019.8884956
Conference 5th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019
Citation
Yee, G.O.M. (2019). Attack surface identification and reduction model applied in scrum. In 2019 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019. doi:10.1109/CyberSecPODS.2019.8884956