Attack Surface Identification and Reduction Model Applied in Scrum

Title: Attack Surface Identification and Reduction Model Applied in Scrum
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Yee, George O. M.
Conference Name: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Date Published: June 2019
ISBN Number: 978-1-7281-0229-0
Keywords: attack surface, attack surface identification, computer security, Data models, Identification, Metrics, pubcrawl, reduction, resilience, Resiliency, Scalability, scrum reduction model, security improvement, security of data, sensitive data, Serum, Software, software engineering, software prototyping, software security vulnerabilities, software system, Software systems, Surface treatment, visual model, visualization

Today's software is full of security vulnerabilities that invite attack. Attackers are especially drawn to software systems containing sensitive data. For such systems, this paper presents a modeling approach especially suited for Scrum or other forms of agile development to identify and reduce the attack surface. The latter arises due to the locations containing sensitive data within the software system that are reachable by attackers. The approach reduces the attack surface by changing the design so that the number of such locations is reduced. The approach performs these changes on a visual model of the software system. The changes are then considered for application to the actual system to improve its security.

Citation Key: yee_attack_2019