Τεχνικές ανίχνευσης rootkit και ανάπτυξη εφαρμογής για την αφαίρεσή του

Κοζυράκης, Ιωάννης - Μάριος

18 June 2009

Τα rootkit επιτρέπουν στον επιτιθέμενο χρήστη να συνεχίσει να έχει πρόσβαση σε ήδη παραβιασμένο σύστημα για μεγάλο χρονικό διάστημα μετά την παραβίαση, χωρίς να γίνει αντιληπτός από τον νόμιμο διαχειριστή. Στην εργασία αυτή αναλύ- θηκαν οι διάφορες τεχνικές οι οποίες χρησιμοποιούνται από τους επιτιθέμενους, με έμφαση στα rootkits επιπέδου πυρήνα, και αναπτύχθηκε πρόγραμμα rootkit το οποίο κάνει χρήση προηγμένων τεχνικών οι οποίες του επιτρέπουν τη λειτουρ- γία ακόμη και στις νεότερες εκδόσεις του πυρήνα. Στη συνέχεια αναλύθηκαν οι τεχνικές ανίχνευσης και αναπτύχθηκε εφαρμογή ανίχνευσης δυο διαφορετικών κατηγοριών rootkit. Η εφαρμογή έχει επίσης τη δυνατότητα να εξουδετερώσει τα rootkit της πρώτης κατηγορίας έτσι ώστε να αποκατασταθεί το σύστημα. / -

Ασφάλεια υπολογιστών

005.84

Rootkit

Computer security

On shared systems

Jacob, Jeremy

January 1987

Most computing systems are shared between users of various kinds. This thesis treats such systems as mathematical objects, and investigates two of their properties: refinement and security. The first is the analysis of the conditions under which one shared system can be replaced by another, the second the determination of a measure of the information flow through a shared system. Under the heading of refinement we show what it means for one shared system to be a suitable replacement for another, both in an environment of co-operating users and in an environment of independent users. Both refine- ment relations are investigated, and a large example is given to demonstrate the relation for cooperating users. We show how to represent the security of a shared system as an 'inference function', and define several security properties in terms of such functions. A partial order is defined on systems, with the meaning 'at least as secure as'. We generalise inference functions to produce 'security specifications' which can be used to capture the desired degree of security in any shared system. We define what it means for a shared system to meet a security specification and indicate how implementations may be derived from their specifications in some cases. A summary of related work is given.

621.3822

Identifying potential vulnerabilities in software designs

Morris, Joseph C.

January 2007

Software engineers currently rely on lengthy source code reviews, testing, and static analysis tools to attempt identification of software vulnerabilities. While these are sometimes effective, the methods used are limited and don't catch all security vulnerabilities.Work has been done in identifying areas of software prone to failure through a design metrics approach, and with success. This study aims to extend this idea to software security. The premise of this thesis is that the set of security vulnerabilities overlaps (or may be a subset of) the overall set of software bugs and failures. It is postulated that a good, reliable design should also be a secure design. This thesis identifies design issues which may lead to security vulnerabilities and proposes possible design metric enhancements to capture these design properties. / Department of Computer Science

Computer security.

Computer software -- Development.

Software measurement.

Program behaviour modelling with flexible logical entity abstraction

Andrews, David

January 2006

"This study extends the use of abstration in program behaviour modelling, and provides a flexible abstraction technique that allows modelling in terms of the logical abstract concepts with which a program operates. This technique is called a Logical Entity Abstracted Program Behaviour Modelling (LEAPBM)."--leaf [ii] / Doctor of Philosophy

Computer security

Australian Digital Thesis

Software

The price of convenience :

Ng-Krülle, Seok Hian

Unknown Date

Literature has identified the need to study socially pervasive ICT “in context” in order to understand how user acceptability of innovation varies according to different inputs. This thesis contributes to the existing body of knowledge on innovation studies (Chapter 2) and proposes a methodology a conceptual model, for representing dynamic contextual changes in longitudinal studies. The foundation for this methodology is the “Price of Convenience” (PoC) Model (Chapter 4). As a theory development Thesis, it deals with two related studies of socially pervasive ICT implementation: (1) voluntary adoption of innovations and (2) acceptance of new socially pervasive and ubiquitous ICT innovations (Chapters 6 and 7). / Thesis (PhDInformationTechnology)--University of South Australia, [2006]

Ubiquitous computing

Computer security.

Information technology

Program behaviour modelling with flexible logical entity abstraction

Andrews, David . University of Ballarat.

January 2006

"This study extends the use of abstration in program behaviour modelling, and provides a flexible abstraction technique that allows modelling in terms of the logical abstract concepts with which a program operates. This technique is called a Logical Entity Abstracted Program Behaviour Modelling (LEAPBM)."--leaf [ii] / Doctor of Philosophy

Computer security

Australian Digital Thesis

Software

Digital receipts : a system to detect the compromise of digital certificates /

Seeley, Nathaniel

January 2006

Thesis (M.S.)--Brigham Young University. Dept. of Computer Science, 2006. / Includes bibliographical references (p. 55-57).

A taxonomy-based approach to intrusion detection system

Sohal, Amandeep Kaur.

January 2007

Thesis (M.S.)--University of Nevada, Reno, 2007. / "August, 2007." Includes bibliographical references (leaves 61-64). Online version available on the World Wide Web.

Using identity-based privacy-protected access control filter FILTER (IPACF) to against denial of service attacks and protect user privacy

Huang, Chun-Ching Andy,

January 2006

Thesis(M.S.)--Auburn University, 2006. / Abstract. Vita. Includes bibliographic references.

Observations on the cryptologic properties of the AES algorithm

Song, Beomsik.

January 2004

Thesis (Ph.D.)--University of Wollongong, 2004. / Typescript. Includes bibliographical references: leaf 109-116.