PMCAP: A Threat Model of Process Memory Data on the Windows Operating System

Pan, Jiaye; Zhuang, Yi

doi:10.1155/2017/4621587

Cited by 9 publications

(6 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [121], the authors, as in [118], emphasized the description of attacks and threats, without a detailed description of the model to which these threats and attacks can be applied. Additionally, in [127], on the contrary, the authors placed more emphasis on the description of the model than on the description of threats.…”

Section: Publicationmentioning

confidence: 99%

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

et al. 2022

View full text Add to dashboard Cite

Information security is one of the most important attributes of distributed systems that often operate on unreliable networks. Enabling security features during the development of a distributed system requires the careful analysis of potential attacks or threats in different contexts, a process often referred to as «threat modeling». Information protection should be comprehensive, but it is also necessary to take into account the possibility of the emergence of threats specific to a certain information system. Many public and private organizations are still trying to implement system models and the threats directed at them on their own. The main reason for this is the lack of useful and high-quality methodologies that can help developers design system models. This review explores a variety of the literature on confidentiality- and integrity-aware system design methodologies, as well as threat classification methods, and identifies key issues that may be referenced by organizations to make design system processes easier. In particular, this article takes a look at the extent to which existing methodologies cover objects of protection and methods of classifying threats, as well as whether there are such models of systems in which the object itself and the threats directed at it are described. This includes whether the compiled models exhibit symmetry or asymmetry. This literature research shows that methodologies appear to be heterogeneous and versatile, since existing methodologies often only focus on one object of protection (a system). Based on the given analysis, it can be concluded that the existing methodologies only relate superficially to the description of system models and threats, and it is necessary to develop a more complete abstract model of the protected object and threats aimed at it in order to make this model suitable for any organization and protect it against most threats.

show abstract

Section: Publicationmentioning

confidence: 99%

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Low-level approaches are those that describe threats in detail. Such approaches may be based on the use of the list of attacks [15][16][17][18][19] or the list of attack scenarios [20]. Some approaches come down to analyzing the exploitation of vulnerabilities in the system [21][22][23].…”

Section: Related Workmentioning

confidence: 99%

“…is an added application. The threat of an element or link substitution is characterized by removing a vertex or an edge from the set X i or E j , respectively, and adding a vertex or an edge instead of the deleted one, i.e., for a set of applications, this is described by the sequence of Equations (15) and (16):…”

Section: Threats Of a Link Settings Changing-c S4ementioning

confidence: 99%

Model of Threats to Computer Network Software

2019

View full text Add to dashboard Cite

This article highlights the issue of identifying information security threats to computer networks. The aim of the study is to increase the number of identified threats. Firstly, it was carried out the analysis of computer network models used to identify threats, as well as in approaches to building computer network threat models. The shortcomings that need to be corrected are highlighted. On the basis of the mathematical apparatus of attributive metagraphs, a computer network model is developed that allows to describe the software components of computer networks and all possible connections between them. On the basis of elementary operations on metagraphs, a model of threats to the security of computer network software is developed, which allows compiling lists of threats to the integrity and confidentiality of computer network software. These lists include more threats in comparison with the considered analogues.

show abstract

“…To protect intellectual property, many applications use multiple protection mechanisms to avoid external reverse analysis and leakage of implementation details. For malicious programs, it is also important to adopt detection techniques and other countermeasures to impede or mitigate the recognition of malicious behaviors [1][2][3].…”

Section: Introductionmentioning

confidence: 99%

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Pan

Zhuang

Sun

2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

To protect core functions, applications often utilize the countermeasure techniques such as antidebugging to avoid analysis by outsiders, especially the malware. Dynamic binary instrumentation is commonly used in the analysis of binary programs. However, it can be easily detected and has stability and applicability problems as it involves program rewriting and just-in-time compilation. This paper proposes a new lightweight analysis method for binary programs with the assistance of hardware features and the operating system kernel, named BAHK, which can automatically analyze the target program by stealth and has wide applicability. With the support of underlying infrastructures, this paper designs several optimization strategies and specific analysis approaches at instruction level to reduce the impact of fine-grained analysis on the performance of target program so that it can be well applied in practice. The experimental results show that the proposed method has good stealthiness, low memory consumption, and positive user experience. In some cases, it shows better analysis performance than the traditional dynamic binary instrumentation method. Finally, the real case studies further show its feasibility and effectiveness.

show abstract

PMCAP: A Threat Model of Process Memory Data on the Windows Operating System

Cited by 9 publications

References 19 publications

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

Model of Threats to Computer Network Software

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Contact Info

Product

Resources

About