Attack surface definitions: A systematic literature review
References
Lipner, 2004, The trustworthy computing security development lifecycle, 2
Howard, 2003, Fending Off Future Attacks by Reducing Attack Surface, 2003
Howard, 2004, Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users, 2004
Manadhata, 2004, Measuring a System’s Attack Surface
Younis, 2014, Using attack surface entry points and reachability analysis to assess the risk of software vulnerability exploitability, 1
Munaiah, 2016, Beyond the attack surface: assessing security risk with random walks on call graphs, 3
Theisen, 2015, Approximating attack surfaces with stack traces, 199
Zhang, 2011, Identifying relevant studies in software engineering, Inf. Softw. Technol., 53, 625, 10.1016/j.infsof.2010.12.010
Kitchenham, 2009, Systematic literature reviews in software engineering - a systematic literature review, Inf. Softw. Technol., 51, 7, 10.1016/j.infsof.2008.09.009
Kitchenham, 2013, A systematic review of systematic review process research in software engineering, Inf. Softw. Technol., 55, 2049, 10.1016/j.infsof.2013.07.010
C.A. Cortes, Drilling tool with elements having diamond-studded attack surface. 1972. US Patent 3693735.
Howard, 2003, Measuring relative attack surfaces
Howard, 2003
Theisen, 2017, Risk-based attack surface approximation: how much data is enough?, 273
Younis, 2014, Using software structure to predict vulnerability exploitation potential, 13
Cohen, 1968, Weighted kappa: nominal scale agreement provision for scaled disagreement or partial credit., Psychol. Bull., 70, 213, 10.1037/h0026256
Manadhata, 2011, An attack surface metric, IEEE Trans. Softw. Eng., 37, 371, 10.1109/TSE.2010.60
Manadhata, 2006, Measuring the attack surfaces of two FTP daemons, 3
P.K. Manadhata, Y. Karabulut, J.M. Wing, Report: Measuring the Attack Surfaces of Enterprise Software, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 91–100. doi:10.1007/978-3-642-00199-4_8.
Manadhata, 2008
Manadhata, 2007, An Approach to Measuring a System’s Attack Surface
M. Howard, J. Pincus, J.M. Wing, Measuring Relative Attack Surfaces, Springer US, Boston, MA, pp. 109–137. doi:10.1007/0-387-24006-3_8.
Younis, 2012, Relationship between attack surface and vulnerability density: a case study on Apache HTTP Server, 1
Brenneman, 2012, Improving Software Security by Identifying and Securing Paths Linking Attack Surface to Attack Target
Bartel, 2012, Automatically securing permission-based software by reducing the attack surface: an application to android, 274
L. Wang, S. Jajodia, A. Singhal, S. Noel, k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 573–587. doi:10.1007/978-3-642-15497-3_35.
Hahn, 2011, Cyber attack exposure evaluation framework for the smart grid, IEEE Trans. Smart Grid, 2, 835, 10.1109/TSG.2011.2163829
Parrend, 2009, Security benchmarks of OSGi platforms: toward hardened OSGi, Software, 39, 471
P. Finnigan, User Security, Apress, Berkeley, CA, pp. 467–505. doi:10.1007/978-1-4302-2669-7_14.
Manadhata, 2007, A Formal Model for A System’s Attack Surface
Y. Huang, A.K. Ghosh, Introducing Diversity and Uncertainty to Create Moving Attack Surfaces for Web Services, Springer New York, New York, NY, pp. 131–151. doi:10.1007/978-1-4614-0977-9_8.
Bickford, 2011, Security versus energy tradeoffs in host-based mobile malware detection, 225
Sean, 2012, Augmenting vulnerability analysis of binary code, 199
Fiondella, 2012, Uncovering Weaknesses in Code With Cyclomatic Path Analysis, CrossTalk, 9
Ouchani, 2013, A security risk assessment framework for SysML activity diagrams, 227
A. Bouard, J. Schanda, D. Herrscher, C. Eckert, Automotive Proxy-Based Security Architecture for CE Device Integration, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 62–76. doi:10.1007/978-3-642-36660-4_5.
Q. Zhu, T. Başar, Game-Theoretic Approach to Feedback-Driven Multi-stage Moving Target Defense, Springer International Publishing, Cham, pp. 246–263. doi:10.1007/978-3-319-02786-9_15.
J. Serrano, E. Cesar, E. Heymann, B. Miller, Increasing Automated Vulnerability Assessment Accuracy on Cloud and Grid Middleware, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 278–294. doi:10.1007/978-3-642-38033-4_20.
Z. Han, L. Cheng, Y. Zhang, D. Feng, Measuring and Comparing the Protection Quality in Different Operating Systems, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 642–648. doi:10.1007/978-3-642-38631-2_51.
Peng, 2014, A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces, 804
A. Kurmus, S. Dechand, R. Kapitza, Quantifiable Run-Time Kernel Attack Surface Reduction, Springer International Publishing, Cham, pp. 212–234. doi:10.1007/978-3-319-08509-8_12.
Osterweil, 2014, The shape and size of threats: defining a networked system’s attack surface, 636
Kar, 2015, “A Game of Thrones”: when human behavior models compete in repeated Stackelberg security games, 1381
B. Ford, T. Nguyen, M. Tambe, N. Sintov, F.D. Fave, Beware the Soothsayer: From Attack Prediction Accuracy to Predictive Reliability in Security Games, Springer International Publishing, Cham, pp. 35–56. doi:10.1007/978-3-319-25594-1_3.
Bodeau, 2015, Cyber Resiliency Engineering Aid - The Updated Cyber Resiliency Engineering Framework and Guidance on Applying Cyber Resiliency Techniques
W. Bryant, Cyberspace Resiliency: Springing Back with the Bamboo, Springer International Publishing, Cham, pp. 1–17. doi:10.1007/978-3-319-23585-1_1.
Kar, 2015, Learning bounded rationality models of the adversary in repeated Stackelberg security games
UcedaVélez, 2015
Command, 2015, U.S. Fleet Cyber Command/TENTH Fleet Strategic Plan 2015 2020
Bellovin, 2016, Attack surfaces, IEEE Secur. Priv., 14, 10.1109/MSP.2016.55
Wheatley, 2016, The extreme risk of personal data breaches and the erosion of privacy, Eur. Phys. J. B, 89, 7, 10.1140/epjb/e2015-60754-4
Manadhata, 2005, An Attack Surface Metric
Manadhata, 2006, An attack surface metric
Howard, 2006, 8
Manadhata, 2008, Measuring the Attack Surfaces of SAP Business Applications
T. Heumann, S. Türpe, J. Keller, Quantifying the attack surface of a web application, in: Sicherheit, 2010, pp. 305–316.
Chin, 2011, Analyzing inter-application communication in android, 239
J. Bird, J. Manico, Attack Surface Analysis Cheat Sheet, 2015, https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet.
P.K. Manadhata, J.M. Wing, A Formal Model for a System’s Attack Surface, Springer New York, New York, NY, pp. 1–28. doi:10.1007/978-1-4614-0977-9_1.
Martin, 2014
Northcutt, 2011
Knapp, 2013
J. Kasten, E. Wustrow, J.A. Halderman, CAge: Taming Certificate Authorities by Inferring Restricted Scopes, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 329–337. doi:10.1007/978-3-642-39884-1_28.
Gruschka, 2010, Attack surfaces: a taxonomy for attacks on cloud services, 276