Minimize Software Attack Surfaces for Stronger Security

May, 2008

IT security professionals understand that no software program is completely secure. Too often, systems that were thought to be secure are penetrated by individuals who discover and exploit latent vulnerabilities. The simple truth is that if IT systems are available on a network, then they are vulnerable to attack. However, although there is no such thing as invulnerable code, it is possible to make systems more secure. One method of doing so is to assess and minimize a system’s attack surface.

This Research Byte is a summary of our full report, Mitigating Security Threats by Minimizing Software Attack Surfaces.

Attack-surface analysis is a complicated subject that primarily involves methods for measuring the vulnerability of software to attack. At a conceptual level, these methods are straightforward and useful. The more entry points there are into a system, the more vulnerable the system is. The more exit points, or ways through which information can leave the system, the more vulnerable the data is. Just adding up the number of resources that provide entry and exit points can provide some perspective on vulnerabilities, but it is a somewhat simplistic approach. The complexity of the situation arises when attempting to determine how damaging the exploitation of a particular entry or exit point can be. A resource such as an application programming interface (API) that provides root privileges is probably a larger threat than a resource without access to such privileges. Putting aside the issue of complexity (for now), a system’s attack surface is generally defined as all the points through which data can enter or exit that system.
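As an added example (not from the report or its authors), the following Python model illustrates the distinction drawn above: a plain count of entry and exit points versus a measure that weights each point by the privilege it executes with and by who can reach it. The resource inventory and the weight tables are constructed assumptions for illustration only.

```python
from dataclasses import dataclass, replace

# Illustrative weights (assumptions for this example, not figures from the report):
# a point that executes with root does more damage if exploited, and a point
# reachable by anonymous network users is exposed to more potential attackers.
PRIVILEGE_WEIGHT = {"root": 5, "service": 3, "user": 1}
ACCESS_WEIGHT = {"anonymous": 4, "authenticated": 2, "admin": 1}


@dataclass(frozen=True)
class Resource:
    name: str
    kind: str          # "entry" (data enters the system) or "exit" (data leaves it)
    runs_as: str       # privilege level the resource executes with
    reachable_by: str  # least-privileged principal that can reach it
    enabled: bool = True


def naive_count(resources):
    """The simplistic measure: number of enabled entry and exit points."""
    return sum(1 for r in resources if r.enabled)


def weighted_surface(resources):
    """Weight each enabled point by privilege held and by who can reach it."""
    return sum(PRIVILEGE_WEIGHT[r.runs_as] * ACCESS_WEIGHT[r.reachable_by]
               for r in resources if r.enabled)


def disable(resources, names):
    """Turn off default-on resources that are not needed (returns a new list)."""
    return [replace(r, enabled=False) if r.name in names else r for r in resources]


# Constructed inventory of a hypothetical server (sample data, not a real system).
INVENTORY = [
    Resource("HTTP listener :80", "entry", "service", "anonymous"),
    Resource("admin REST API", "entry", "root", "authenticated"),
    Resource("SSH :22", "entry", "root", "authenticated"),
    Resource("telnet :23 (enabled by default)", "entry", "root", "anonymous"),
    Resource("debug log network share", "exit", "service", "anonymous"),
]

# Disabling two default-on points removes 40% of the count but half of the
# weighted surface, because the root-privileged, anonymously reachable point
# dominates the total.
HARDENED = disable(INVENTORY, {"telnet :23 (enabled by default)",
                               "debug log network share"})

if __name__ == "__main__":
    for label, inv in (("default", INVENTORY), ("hardened", HARDENED)):
        print(f"{label}: {naive_count(inv)} points, weighted surface {weighted_surface(inv)}")
```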

While attack-surface analysis is being deployed by some software developers, such as Microsoft, to reduce the vulnerability of applications and operating systems, the concept also has important implications for IT organizations engaged in assessing, managing, and securing their IT systems. A general overview of the attack-surface concept is provided in Figure 1.

Figure 1: General overview of the attack-surface concept.

The full version of this report provides a conceptual understanding of what is meant by an “attack surface” and explores how IT organizations can use this concept to improve security, not only of the applications they develop, but also the applications and operating systems they purchase, modify, and deploy. We conclude by recommending best practices for limiting attack opportunities on IT systems.

Even though attack-surface theory is still in the early stages, its principles can be invoked to better protect software today. By keeping the size of the attack surface low, viewing all default settings skeptically, and limiting what untrusted users can do, managers can reduce the likelihood of hackers damaging their systems.

This Research Byte is a brief overview of our report on this subject, Mitigating Security Threats by Minimizing Software Attack Surfaces. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website.