Visualizing Endpoint Security Technologies using Attack Trees
Linköping University, Department of Computer and Information Science.
2008 (English). Independent thesis, Advanced level (degree of Master), 20 points / 30 hp. Student thesis.
Abstract [en]

Software vulnerabilities in programs and malware deployments have been increasing almost every year since we started measuring them. Information about how to program securely, how malware shall be avoided, and technological countermeasures for this is more available than ever. Still, the trend seems to favor the attacker. This thesis tries to visualize the effects of a selection of technological countermeasures that have been proposed by researchers. These countermeasures (non-executable memory, address randomization, system call interception and file integrity monitoring) are described along with the attacks they are designed to defend against. The coverage of each countermeasure is then visualized with the help of attack trees. Attack trees are normally used for describing how systems can be attacked, but here they instead serve the purpose of showing where in an attack a countermeasure takes effect. Using attack trees for this highlights a couple of important aspects of a security mechanism, such as how early in an attack it is effective and which variants of an attack it potentially defends against. This is done by the use of what we call defensive codes, which describe how a defense mechanism counters a sub-goal in an attack. Unfortunately, the whole process is not well formalized and depends on many uncertain factors.

Place, publisher, year, edition, pages
2008. 77 p.
Keyword
endpoint security, attack tree, memory corruption, non-executable memory, address randomization, system call interception
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-15509
ISRN: LIU-IDA/LITH-EX-A--08/031--SE
OAI: oai:DiVA.org:liu-15509
DiVA: diva2:117447
Presentation
Muhammad al-Khwarizmi, Linköpings universitet, 581 83 LINKÖPING (Swedish)
Uppsok
teknik
Available from: 2008-12-01. Created: 2008-11-13. Last updated: 2008-12-01. Bibliographically approved.

Open Access in DiVA

fulltext (474 kB), 417 downloads
File information
File name: FULLTEXT02.pdf. File size: 474 kB. Checksum (SHA-512):
552efd3aaefe0fe926d0db049d50487db191eb0a11e64da0d0a77a261c61cb7a0c635bb78e0da3ec37a929cb182d60fd8cb44f7cd379874b8c56822fd60b1466
Type: fulltext. Mimetype: application/pdf.

By author/editor
Pettersson, Stefan
Total: 898 hits