International Journal On Advances in Security, volume 13, numbers 3 and 4, 2020
Reducing the Attack Surface for Sensitive Data
Authors: George O. M. Yee
Keywords: sensitive data, private data, breaches, attack surface identification, attack surface reduction
Abstract:
Breaches of sensitive data have been occurring at an alarming rate to the embarrassment and expense of companies. It would appear that in each breach, the attack surface for the data has been sufficiently large to attract attackers. Reducing this attack surface is a way to lessen the likelihood of breaches. This paper presents methods for reducing the attack surface of the data held in the online computer systems of organizations. The methods are applied to a software system’s architecture early in the design process, as an approach for designing-in security. This work first defines the attack surface and then uses this definition to obtain methods for reducing the attack surface. The definition also leads to a formula for calculating the size of the attack surface. The formula incorporates the fact that vulnerabilities differ within the architecture. This paper further gives recommendations on how to apply the methods effectively and illustrates this application using two examples. Reducing the attack surface may not prevent breaches, but it will make them less likely to occur.
Pages: 109 to 120
Copyright: Copyright (c) to authors, 2020. Used with permission.
Publication date: December 30, 2020
Published in: journal
ISSN: 1942-2636