An Attack Surface Metric

Pratyusa Manadhata, Jeannette M. Wing

July 2005

Superseded by Computer Science Technical Report
CMU-CS-07-147 (April 2007)


Keywords: Security metric, entry point, exit point, attackability, attack class, attack surface, attack surface metric

We propose a metric to determine whether one version of a software system is more secure than another with respect to the system's attack surface. Rather than count bugs at the code level or count vulnerability reports at the system level, we measure a system's attackability, i.e., how likely it is that the system will be successfully attacked. We define the attack surface of a system in terms of the system's attackability along three abstract dimensions: method, data, and channel. Intuitively, the larger the attack surface, the more likely the system is to be attacked, and hence the less secure it is. We demonstrate the use of the attack surface metric by measuring and comparing the attack surfaces of two versions of a hypothetical IMAP server.
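As an added illustration (not the report's own definition or code), the following Python sketch measures a hypothetical IMAP server along the three dimensions named above, method, channel and data, and compares versions dimension by dimension. The numeric damage and effort scales, the weighting of each resource as a damage-to-effort ratio, the constructed server versions and the partial order used for comparison are all assumptions made here for the example; the report's actual attack classes and attackability computation are not reproduced.

```python
from dataclasses import dataclass
from fractions import Fraction

# Illustrative scales assumed for this example (not the report's values):
# damage potential of a resource, and the attacker effort needed to reach it.
DAMAGE = {
    "root": 3, "user": 1,             # privilege a method (entry/exit point) runs with
    "tcp": 2, "tls": 1,               # channel protocol: plaintext is cheaper to abuse
    "password_file": 3, "mailbox": 1  # kind of data item exposed across the trust boundary
}
EFFORT = {"unauthenticated": 1, "authenticated": 2}  # access rights an attacker must hold


@dataclass(frozen=True)
class Resource:
    """A method (entry/exit point), a channel, or a data item on the attack surface."""
    name: str
    damage_attr: str   # key into DAMAGE: privilege, protocol, or data kind
    access: str        # key into EFFORT: rights needed to invoke, connect, or read/write


@dataclass(frozen=True)
class System:
    methods: tuple
    channels: tuple
    data: tuple


def contribution(r: Resource) -> Fraction:
    """Assumed weighting: damage potential divided by attacker effort."""
    return Fraction(DAMAGE[r.damage_attr], EFFORT[r.access])


def attack_surface(s: System) -> tuple:
    """Per-dimension totals as (method, channel, data); one number per dimension, not a single scalar."""
    return tuple(sum((contribution(r) for r in dim), Fraction(0))
                 for dim in (s.methods, s.channels, s.data))


def compare(a: tuple, b: tuple) -> str:
    """Dimension-wise partial order (assumed): one surface is larger only if it is
    at least as large in every dimension. Mixed results are reported as incomparable
    rather than collapsed into one scalar, which would hide the trade-off."""
    if a == b:
        return "equal"
    if all(x >= y for x, y in zip(a, b)):
        return "first larger"
    if all(x <= y for x, y in zip(a, b)):
        return "second larger"
    return "incomparable"


def hypothetical_imap(version: str) -> System:
    """Constructed versions of a hypothetical IMAP server (this example's own, not the report's)."""
    commands = ("CAPABILITY", "LOGIN", "FETCH", "STORE")
    access = {"CAPABILITY": "unauthenticated", "LOGIN": "unauthenticated",
              "FETCH": "authenticated", "STORE": "authenticated"}
    data = (Resource("password_file", "password_file", "unauthenticated"),  # read during LOGIN
            Resource("user_mailbox", "mailbox", "authenticated"))
    plaintext = Resource("port_143", "tcp", "unauthenticated")
    tls = Resource("port_993", "tls", "unauthenticated")
    if version == "v1":
        # every command handled as root, plaintext listener only
        methods = tuple(Resource(c, "root", access[c]) for c in commands)
        return System(methods, (plaintext,), data)
    if version == "v2":
        # privileges dropped before accepting connections, TLS listener only
        methods = tuple(Resource(c, "user", access[c]) for c in commands)
        return System(methods, (tls,), data)
    if version == "v3":
        # like v2 but keeps the plaintext listener open as well
        methods = tuple(Resource(c, "user", access[c]) for c in commands)
        return System(methods, (plaintext, tls), data)
    raise ValueError(version)


if __name__ == "__main__":
    surfaces = {v: attack_surface(hypothetical_imap(v)) for v in ("v1", "v2", "v3")}
    for v, s in surfaces.items():
        print(v, "method/channel/data =", tuple(str(x) for x in s))
    print("v1 vs v2:", compare(surfaces["v1"], surfaces["v2"]))
    print("v1 vs v3:", compare(surfaces["v1"], surfaces["v3"]))
```

Running the script shows v1 larger than v2 in the method and channel dimensions and equal in the data dimension, so v2 has the smaller surface; v3 reduces the method dimension but enlarges the channel dimension relative to v1, so the two are incomparable under the dimension-wise order, which is exactly the case a single scalar score would paper over.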

22 pages

