Visible to the public Attack Surface and Defense-in-Depth Metrics - July 2017Conflict Detection Enabled

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Andy Meneely, Laurie Williams
Researchers: Nuthan Munaiah, Chris Theisen


  • Security Metrics and Models - The project is to develop and analyze metrics that quantify the "shape" of a system's attack surface
  • Scalability & Composability - The project delves uses call graph data beyond the attack surface to determine the risk of a given entry point
  • Resilient Architectures - The project can be used to analyze large systems in terms of their inputs and outputs, providing information on the architecture of the system


  • No new publications


  • We are wrapping up our systematic literature review on how the phrase "attack surface" is used in literature. This systematic literature review provides a unified definition of attack surfaces and will provide future researchers direction in this area.