Visualizing Endpoint Security Technologies using Attack Trees
Linköping University, Department of Computer and Information Science.
2008 (English). Independent thesis, Advanced level (degree of Master), 20 points / 30 hp. Student thesis.
Abstract [en]

Software vulnerabilities in programs and malware deployments have been increasing almost every year since we started measuring them. Information about how to program securely, how to avoid malware, and technological countermeasures for both is more available than ever. Still, the trend seems to favor the attacker. This thesis tries to visualize the effects of a selection of technological countermeasures that have been proposed by researchers. These countermeasures (non-executable memory, address randomization, system call interception and file integrity monitoring) are described along with the attacks they are designed to defend against. The coverage of each countermeasure is then visualized with the help of attack trees. Attack trees are normally used for describing how systems can be attacked, but here they instead serve the purpose of showing where in an attack a countermeasure takes effect. Using attack trees for this highlights a couple of important aspects of a security mechanism, such as how early in an attack it is effective and which variants of an attack it potentially defends against. This is done by the use of what we call defensive codes, which describe how a defense mechanism counters a sub-goal in an attack. Unfortunately, the whole process is not well formalized and depends on many uncertain factors.

Place, publisher, year, edition, pages
2008. 77 p.
endpoint security, attack tree, memory corruption, non-executable memory, address randomization, system call interception
National Category
Computer Science
URN: urn:nbn:se:liu:diva-15509
ISRN: LIU-IDA/LITH-EX-A--08/031--SE
OAI: diva2:117447
Muhammad al-Khwarizmi, Linköpings universitet, 581 83 LINKÖPING (Swedish)
Available from: 2008-12-01. Created: 2008-11-13. Last updated: 2008-12-01. Bibliographically approved.

Open Access in DiVA

fulltext (474 kB), 383 downloads
File information
File name: FULLTEXT02.pdf. File size: 474 kB. Checksum SHA-512
Type: fulltext. Mimetype: application/pdf

Author/editor: Pettersson, Stefan