Characterizing the 'Security Vulnerability Likelihood' of Software Functions
ICSM '03 Proceedings of the International Conference on Software Maintenance
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Measuring the overall security of network configurations using attack graphs
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Assessing procedural risks and threats in e-voting: challenges and an approach
VOTE-ID'07 Proceedings of the 1st international conference on E-voting and identity
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
Software consumers often need to choose between different software that provide the same functionality. Today, security is a quality that many consumers, especially system administrators, care about and will use in choosing one soft- ware system over another. An attack surface metric is a security metric for comparing the relative security of similar software systems [7]. The measure of a system's attack surface is an indicator of the system's security: given two systems, we compare their attack surface measurements to decide whether one is more secure than another along each of the following three dimensions: methods, channels, and data. In this paper, we use the attack surface metric to measure the attack surfaces of two open source FTP daemons: ProFTPD 1.2.10 and Wu-FTPD 2.6.2. Our measurements show that ProFTPD is more secure along the method dimension, ProFTPD is as secure as Wu-FTPD along the channel dimension, and Wu-FTPD is more secure along the data dimension. We also demonstrate how software consumers can use the attack surface metric in making a choice between the two FTP daemons.