Home // SECURWARE 2019, The Thirteenth International Conference on Emerging Security Information, Systems and Technologies // View article

Reducing the Attack Surface for Private Data

Authors:
George O. M. Yee

Keywords: privacy, private data, breaches, attack surface identification, attack surface reduction

Abstract:
Breaches of private data have been occurring at an alarming rate, to the embarrassment and expense of companies that hold the data. It would appear that in each breach, the attack surface for the data has been sufficiently large to attract attackers. Reducing this attack surface is a way to lessen the likelihood of breaches. This paper presents methods for reducing the attack surface of private data held in the online computer systems of organizations. The methods are applied to a software system’s architecture early in the design process, as an approach for designing-in security. This work defines the attack surface for the data, and then uses this definition to obtain a formula for calculating the attack surface. The definition further leads to identifying methods that can be used to reduce the attack surface. Reducing the attack surface may not prevent breaches, but it will make them less likely to occur.

Pages: 28 to 34

Copyright: Copyright (c) IARIA, 2019

Publication date: October 27, 2019

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-746-7

Location: Nice, France

Dates: from October 27, 2019 to October 31, 2019