Advanced Metrics for Risk-Based Attack Surface Approximation
ABSTRACT:
Despite a growing number of threats, the software engineering community still faces a critical deficit of trained security professionals for defending against cyber attacks. To combat this shortage, efficient prioritization of the effort of security professionals is needed. To address this issue, we present Risk-Based Attack Surface Approximation (RASA), which uses crash dump stack traces to approximate the attack surface of a system.
In our poster, we will describe several RASA metrics that could help security effort prioritization. These metrics include temporal metrics (how the attack surface changes over time), shape metrics (how code artifacts are interconnected), and depth metrics (how far code artifacts are from the entry and exit points of a system).
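The three metric families can be illustrated on stack traces with the following added example, which is not the authors' implementation. It assumes each trace is an ordered list of code artifacts from the outermost frame (treated here as the entry side) to the crashing frame (treated as the exit side); the file names, function names, and these concrete metric definitions are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample traces (not real crash data), one list per crash,
# ordered outermost frame first, crashing frame last. Two time windows.
TRACES_Q1 = [
    ["net/recv.c", "proto/parse.c", "img/decode.c"],
    ["net/recv.c", "proto/parse.c", "util/str.c"],
]
TRACES_Q2 = [
    ["net/recv.c", "proto/parse.c", "img/decode.c"],
    ["ui/input.c", "doc/load.c", "img/decode.c", "mem/pool.c"],
]

def attack_surface(traces):
    """Approximate the attack surface as every artifact seen on any trace."""
    return {artifact for trace in traces for artifact in trace}

def temporal_delta(old_traces, new_traces):
    """Temporal view (assumed definition): surface change between windows."""
    old, new = attack_surface(old_traces), attack_surface(new_traces)
    return {"added": new - old, "removed": old - new, "stable": old & new}

def shape(traces):
    """Shape view (assumed definition): caller->callee edges between adjacent
    frames, plus (fan_in, fan_out) per artifact."""
    edges = set()
    for trace in traces:
        edges.update(zip(trace, trace[1:]))
    fan_in, fan_out = defaultdict(int), defaultdict(int)
    for caller, callee in edges:
        fan_out[caller] += 1
        fan_in[callee] += 1
    degrees = {a: (fan_in[a], fan_out[a]) for a in attack_surface(traces)}
    return edges, degrees

def depth(traces):
    """Depth view (assumed definition): per artifact, the minimum number of
    frames from the trace start and from the trace end, over all traces."""
    result = {}
    for trace in traces:
        last = len(trace) - 1
        for i, artifact in enumerate(trace):
            entry, exit_ = result.get(artifact, (i, last - i))
            result[artifact] = (min(entry, i), min(exit_, last - i))
    return result
```

Artifacts that are newly added to the surface, have high fan-in, or sit close to either end of many traces are candidates for earlier review under these assumed definitions.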