Visualizing Endpoint Security Technologies using Attack Trees
Independent thesis, advanced level (degree of Master), 20 points / 30 hp. Student thesis.
Abstract
Software vulnerabilities and malware deployments have been increasing almost every year since we started measuring them. Information on how to program securely, how to avoid malware and which technological countermeasures exist is more available than ever. Still, the trend seems to favor the attacker. This thesis visualizes the effects of a selection of technological countermeasures proposed by researchers. These countermeasures (non-executable memory, address randomization, system call interception and file integrity monitoring) are described along with the attacks they are designed to defend against. The coverage of each countermeasure is then visualized with the help of attack trees. Attack trees are normally used to describe how a system can be attacked; here they instead show where in an attack a countermeasure takes effect. Using attack trees in this way highlights important aspects of a security mechanism, such as how early in an attack it becomes effective and which variants of an attack it potentially defends against. This is done with what we call defensive codes, which describe how a defense mechanism counters a sub-goal in an attack. Unfortunately the whole process is not well formalized and depends on many uncertain factors.
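The abstract's idea of annotating the sub-goals of an attack tree with defensive codes and then reading off how early, and against which attack variants, each countermeasure takes effect can be made concrete in code. The following Python example is added here and is not part of the thesis. The tree (a stack smash against a network service with a shellcode variant and a return-into-libc variant, followed by a persistence step), the encoding of a defensive code as a countermeasure-to-effect mapping with the values prevent, detect and mitigate, and the effect assigned to each countermeasure on each step are all illustrative assumptions, not the thesis's own notation or findings.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# The four countermeasures named in the abstract.
NX, ASLR, SYSCALL, FIM = ("non-executable memory", "address randomization",
                          "system call interception", "file integrity monitoring")


@dataclass
class Node:
    """One goal or sub-goal of an attack tree."""
    name: str
    gate: str = "LEAF"                      # "AND", "OR" or "LEAF"
    children: List["Node"] = field(default_factory=list)
    # Defensive codes in an assumed encoding (not the thesis's own notation):
    # countermeasure -> effect on this sub-goal, where
    #   "prevent"  = the sub-goal cannot be completed,
    #   "detect"   = it can be completed but raises an alert,
    #   "mitigate" = it is still possible, only harder (e.g. needs an address leak).
    defenses: Dict[str, str] = field(default_factory=dict)


def attack_paths(node: Node) -> List[List[Node]]:
    """Enumerate every minimal way to reach `node`, as a pre-order list of nodes.
    An AND node needs all of its children, an OR node exactly one of them."""
    if node.gate == "LEAF":
        return [[node]]
    if node.gate == "OR":
        return [[node] + p for c in node.children for p in attack_paths(c)]
    paths: List[List[Node]] = [[node]]
    for c in node.children:             # AND: cross product of the children's paths
        paths = [p + q for p in paths for q in attack_paths(c)]
    return paths


def leaf_steps(path: List[Node]) -> List[Node]:
    """The concrete attacker steps of a path, in the order they are carried out."""
    return [n for n in path if n.gate == "LEAF"]


@dataclass
class Coverage:
    steps: List[str]                # attacker steps of one attack variant
    prevented_at: Optional[int]     # 1-based step at which a deployed defense stops it
    detected_at: Optional[int]      # 1-based step at which it is first detected
    mitigated: List[str]            # deployed defenses that only make a step harder


def evaluate(tree: Node, deployed: Set[str]) -> List[Coverage]:
    """Overlay the deployed countermeasures on every attack variant of `tree`."""
    results = []
    for path in attack_paths(tree):
        steps = leaf_steps(path)
        prevented = detected = None
        mitigated: List[str] = []
        for step, node in enumerate(steps, start=1):
            for cm, effect in node.defenses.items():
                if cm not in deployed:
                    continue
                if effect == "prevent" and prevented is None:
                    prevented = step
                elif effect == "detect" and detected is None:
                    detected = step
                elif effect == "mitigate":
                    mitigated.append(cm)
            if prevented is not None:
                break                   # later steps are never reached
        results.append(Coverage([n.name for n in steps], prevented, detected, mitigated))
    return results


def unprevented(tree: Node, deployed: Set[str]) -> List[List[str]]:
    """Attack variants that still succeed (possibly detected) with `deployed` in place."""
    return [c.steps for c in evaluate(tree, deployed) if c.prevented_at is None]


def countermeasure_summary(tree: Node, cm: str) -> dict:
    """How early, and against how many variants, a single countermeasure takes effect."""
    paths = attack_paths(tree)
    first_hits = []
    for path in paths:
        hits = [i for i, n in enumerate(leaf_steps(path), start=1) if cm in n.defenses]
        if hits:
            first_hits.append(hits[0])
    return {"paths_total": len(paths), "paths_covered": len(first_hits),
            "earliest_step": min(first_hits) if first_hits else None}


# Constructed example tree: a classic stack smash against a network service with a
# shellcode variant and a return-into-libc variant, then a persistence step.
# The defensive code on each step is an illustrative assumption.
overflow = Node("Overflow a stack buffer to overwrite the saved return address")
shellcode = Node("Inject and execute shellcode", "AND", [
    overflow,
    Node("Point the return address at shellcode placed on the stack",
         defenses={ASLR: "mitigate"}),          # stack address must be guessed or leaked
    Node("Execute instructions from the stack page",
         defenses={NX: "prevent"}),             # stack is not executable
])
ret2libc = Node("Reuse existing code (return-into-libc)", "AND", [
    overflow,
    Node("Point the return address at system() in libc",
         defenses={ASLR: "mitigate"}),          # libc base must be guessed or leaked
    Node("Have the service call execve() with an attacker-chosen command",
         defenses={SYSCALL: "prevent"}),        # policy denies execve for this service
])
TREE = Node("Take over the host", "AND", [
    Node("Run attacker-chosen code with the service's privileges", "OR",
         [shellcode, ret2libc]),
    Node("Persist by replacing a system binary with a backdoored copy",
         defenses={FIM: "detect"}),             # checksum mismatch raises an alert
])

if __name__ == "__main__":
    for cm in (NX, ASLR, SYSCALL, FIM):
        print(f"{cm:28s} {countermeasure_summary(TREE, cm)}")
    for c in evaluate(TREE, {NX, FIM}):
        print(c.prevented_at, c.detected_at, c.mitigated, "<-", c.steps[1])
```

`countermeasure_summary` answers the two questions the abstract highlights: at which step a mechanism first acts (address randomization touches step 2 of both variants, non-executable memory and system call interception each stop one variant at step 3, file integrity monitoring only detects at the final step), and how many of the enumerated variants it covers at all. `unprevented` gives the residual risk of a deployment: with only non-executable memory and file integrity monitoring, the return-into-libc variant still succeeds and is merely detected. The effect values themselves are judgments about each mechanism and each step, which is exactly the poorly formalized, uncertain part the abstract warns about.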
Place, publisher, year, edition, pages
2008, 77 p.
Keywords: endpoint security, attack tree, memory corruption, non-executable memory, address randomization, system call interception
Identifiers
URN: urn:nbn:se:liu:diva-15509
ISRN: LIU-IDA/LITH-EX-A--08/031--SE
OAI: oai:DiVA.org:liu-15509
DiVA: diva2:117447
Muhammad al-Khwarizmi, Linköpings universitet, 581 83 LINKÖPING (Swedish)
Shahmehri, Nahid, Prof.