7 research outputs found

    Magnesium Object Manager Sandbox, A More Effective Sandbox Method for Windows 7

    A major issue in computer security is limiting the effects a program can have on a computer. One way is to place the program into a sandbox, a limited environment. Many attempts have been made to create a sandbox that maintains the usability of a program while effectively limiting its effects. Sandboxes that limit the resources programs can access have succeeded. To test the effectiveness of a sandbox that limits the resources a program can access on Windows 7, the Magnesium Object Manager Sandbox (MOMS) was created. MOMS uses a kernel-mode Windows component to monitor and limit the access rights to every resource. Based on the performance data of a set of test programs, run with and without MOMS and with different hardware configurations, the hardware configuration and MOMS have an impact on performance that a normal user probably will not notice. For the exploits run against two of the test programs, none of the associated payloads ran successfully. While these tests are promising, they are limited in scope, and further testing is required to broaden it. Furthermore, analysis of MOMS shows that vulnerabilities exist, but they are straightforward to fix with further development.

    Advanced Persistent Threats in Cybersecurity – Cyber Warfare

    This book aims to provide a comprehensive analysis of Advanced Persistent Threats (APTs), including their characteristics, origins, methods, consequences, and defense strategies, with a focus on detecting these threats. It explores the concept of advanced persistent threats in the context of cyber security and cyber warfare. APTs represent one of the most insidious and challenging forms of cyber threats, characterized by their sophistication, persistence, and targeted nature. The paper examines the origins, characteristics and methods used by APT actors. It also explores the complexities associated with APT detection, analyzing the evolving tactics used by threat actors and the corresponding advances in detection methodologies. It highlights the importance of a multi-faceted approach that integrates technological innovations with proactive defense strategies to effectively identify and mitigate APTs.

    Amenințările persistente avansate în securitatea cibernetică – Războiul cibernetic (Advanced Persistent Threats in Cybersecurity – Cyber Warfare)

    A comprehensive analysis of Advanced Persistent Threats (APTs), including their characteristics, origins, methods, consequences and defense strategies, with an emphasis on detecting these threats. The concept of advanced persistent threats is explored in the context of cyber security and cyber warfare. APTs represent one of the most insidious and challenging forms of cyber threat, characterized by their sophistication, persistence and targeted nature. This book analyzes the origins, characteristics and methods used by APT actors. It also explores the complexities associated with APT detection, analyzing the evolving tactics used by threat actors and the corresponding advances in detection methodologies. The book underlines the importance of a multi-faceted approach that integrates technological innovations with proactive defense strategies to identify and mitigate APTs effectively.

    Les menaces persistantes avancées en cybersécurité – La guerre cybernétique (Advanced Persistent Threats in Cybersecurity – Cyber Warfare)

    This book aims to provide a complete analysis of advanced persistent threats, including their characteristics, origins, methods, consequences and defense strategies, with an emphasis on detecting these threats. It explores the concept of advanced persistent threats in the context of cyber security and cyber warfare. Advanced persistent threats represent one of the most insidious and complex forms of cyber threat, characterized by their sophistication, persistence and targeted nature. The book examines the origins, characteristics and methods used by advanced persistent threat actors. It also explores the complexities associated with detecting advanced persistent threats, analyzing the evolution of the tactics used by threat actors and the corresponding advances in detection methodologies. It underlines the importance of a multi-dimensional approach that integrates technological innovations with proactive defense strategies to identify and mitigate advanced persistent threats effectively.

    Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls

    Access controls are traditionally designed to protect resources from users, and consequently make access decisions based on the identity of the user, treating all processes as if they are acting on behalf of the user that runs them. However, this user-oriented approach is insufficient at protecting against contemporary threats, where security compromises are often due to applications running malicious code, either because of software vulnerabilities or malware. Application-oriented access controls can mitigate this threat by managing the authority of individual applications. Rule-based application-oriented access controls can restrict applications to only the specific finely-grained resources required for them to carry out their tasks, and thus can significantly limit the damage that can be caused by malicious code. Unfortunately, existing application-oriented access controls have policy complexity and usability problems that have limited their use. This thesis proposes a new access control model, known as functionality-based application confinement (FBAC). The FBAC model has a number of unique features designed to overcome problems with previous approaches. Policy abstractions, known as functionalities, are used to assign authority to applications based on the features they provide. Functionalities authorise elaborate sets of finely grained privileges based on high-level security goals, and adapt to the needs of specific applications through parameterisation. FBAC is hierarchical, which enables it to provide layers of abstraction and encapsulation in policy. It also simultaneously enforces the security goals of both users and administrators by providing discretionary and mandatory controls. An LSM-based (Linux security module) prototype implementation, known as FBAC-LSM, was developed as a proof-of-concept and was used to evaluate the new model and associated techniques.
    The policy requirements of over one hundred applications were analysed, and policy abstractions and application policies were developed. Analysis showed that the FBAC model is capable of representing the privilege needs of applications. The model is also well suited to automation techniques that can in many cases create complete application policies a priori, that is, without first running the applications. This is an improvement over previous approaches that typically rely on learning modes to generate policies. A usability study was conducted, which showed that compared to two widely-deployed alternatives (SELinux and AppArmor), FBAC-LSM had significantly higher perceived usability and resulted in significantly more protective policies. Qualitative analysis was performed and gave further insight into the issues surrounding the usability of application-oriented access controls, and confirmed the success of the FBAC model.
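The abstract describes four ideas that are easier to see in code than in prose: a functionality is a named policy abstraction, it is parameterised, functionalities are composed hierarchically, and access is granted only when both the administrator's mandatory policy and the user's discretionary policy allow it. The following is an added illustrative model written for this page; it is not FBAC-LSM's code or policy language, and every functionality name, parameter, path, resource string and application policy in it is constructed for the example.

```python
"""Toy model of functionality-based application confinement (added illustration,
not FBAC-LSM's code). Names, parameters and paths are constructed examples."""
from __future__ import annotations

import fnmatch
from dataclasses import dataclass, field
from typing import Callable

# A privilege is (resource pattern, operations). Patterns use fnmatch syntax;
# strings such as "net:tcp:out:*" stand in for non-file resources.
Privilege = tuple[str, str]


@dataclass
class Functionality:
    """A named, parameterised policy abstraction (an FBAC 'functionality')."""
    name: str
    params: dict[str, str] = field(default_factory=dict)            # parameter defaults
    rules: Callable[[dict[str, str]], list[Privilege]] = lambda p: []
    includes: list[tuple[str, dict[str, str]]] = field(default_factory=list)  # hierarchy


CATALOG: dict[str, Functionality] = {}


def define(f: Functionality) -> None:
    CATALOG[f.name] = f


def expand(name: str, overrides: dict[str, str] | None = None) -> list[Privilege]:
    """Expand a functionality, and the ones it includes, into fine-grained privileges.

    A child argument written "$x" takes the parent's parameter x, which is how a
    high-level parameter such as download_dir flows down the hierarchy.
    """
    f = CATALOG[name]
    p = {**f.params, **(overrides or {})}
    privs = list(f.rules(p))
    for child, args in f.includes:
        resolved = {k: p[v[1:]] if v.startswith("$") else v for k, v in args.items()}
        privs.extend(expand(child, resolved))
    return privs


# Low-level functionalities: small, reusable privilege sets.
define(Functionality("read_system_libs",
                     rules=lambda p: [("/lib/*", "r"), ("/usr/lib/*", "r")]))
define(Functionality("write_dir", params={"dir": "/tmp"},
                     rules=lambda p: [(p["dir"] + "/*", "rw")]))
define(Functionality("network_client",
                     rules=lambda p: [("net:tcp:out:*", "c")]))
# A high-level functionality composed from the ones above.
define(Functionality("web_browser",
                     params={"download_dir": "~/Downloads", "profile": "~/.browser"},
                     rules=lambda p: [(p["profile"] + "/*", "rw")],
                     includes=[("read_system_libs", {}),
                               ("network_client", {}),
                               ("write_dir", {"dir": "$download_dir"})]))


@dataclass
class AppPolicy:
    """The functionalities granted to one application, with parameter values.
    Such a policy is written from what the application is for, not learned by running it."""
    app: str
    grants: list[tuple[str, dict[str, str]]]

    def privileges(self) -> list[Privilege]:
        return [pr for name, args in self.grants for pr in expand(name, args)]


def allows(privs: list[Privilege], resource: str, op: str) -> bool:
    return any(fnmatch.fnmatchcase(resource, pat) and op in ops for pat, ops in privs)


def check(app: str, resource: str, op: str,
          mandatory: dict[str, AppPolicy], discretionary: dict[str, AppPolicy]) -> bool:
    """Grant only if both the administrator's (mandatory) and the user's
    (discretionary) policy for the application grant the access; an application
    with no policy in either layer gets nothing."""
    for layer in (mandatory, discretionary):
        pol = layer.get(app)
        if pol is None or not allows(pol.privileges(), resource, op):
            return False
    return True


# Constructed policies: the administrator permits any user's dl directory, the
# user narrows the same functionality to their own home.
ADMIN = {"firefox": AppPolicy("firefox", [("web_browser", {"download_dir": "/home/*/dl",
                                                            "profile": "/home/*/.browser"})])}
ALICE = {"firefox": AppPolicy("firefox", [("web_browser", {"download_dir": "/home/alice/dl",
                                                            "profile": "/home/alice/.browser"})])}


def demo() -> dict[str, bool]:
    return {
        "write own download": check("firefox", "/home/alice/dl/report.pdf", "w", ADMIN, ALICE),
        "load system library": check("firefox", "/usr/lib/libnss3.so", "r", ADMIN, ALICE),
        "outbound tcp": check("firefox", "net:tcp:out:443", "c", ADMIN, ALICE),
        "read ssh key": check("firefox", "/home/alice/.ssh/id_rsa", "r", ADMIN, ALICE),
        "write bob's dl (user denies)": check("firefox", "/home/bob/dl/x", "w", ADMIN, ALICE),
        "unconfined app": check("xterm", "/usr/lib/libc.so", "r", ADMIN, ALICE),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'allow' if ok else 'deny':5}  {name}")
```

The two cases worth noticing are the SSH key, which no functionality mentions and is therefore denied without any rule naming it, and the other user's download directory, which the administrator's policy would permit but the user's discretionary policy does not.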

    Protecting data from malicious software

    Corruption or disclosure of sensitive user documents can be among the most lasting and costly effects of malicious software attacks. Many malicious programs specifically target files that are likely to contain important user data. Researchers have approached this problem by developing techniques for restricting access to resources on an application-by-application basis. These so-called "sandbox environments," though effective, are cumbersome and difficult to use. In this paper, we present a prototype Windows NT/2000 tool that addresses malicious software threats to user data by extending the existing set of file-access permissions. Management and configuration options make the tool unobtrusive and easy to use. We have conducted preliminary experiments to assess the usability of the tool and to evaluate the effects of improvements we have made. Our work has produced an intuitive data-centric method of protecting valuable documents that provides an additional layer of defense beyond existing antivirus solutions.
    to produce. After all, the computer and its software are simply tools being used to aid in the creation of this data in the first place. While corporations may be legitimately concerned with side effects such as system availability and the resources required to eradicate an out-of-control virus, users are ultimately concerned with the integrity and confidentiality of the data contained in their files. The Windows NT/2000 security model provides users with the ability to protect sensitive documents from access by other users. The type of access control provided by Windows is known as discretionary access control (DAC) because the owner of a file is given discretion in determining the access permissions for that file. This is in contrast with mandatory access control (MAC), where file permissions are much more tightly controlled [16]. Figure 1 shows the Windows NT 4.0 dialog box that enables a user to select file permissions for a document.
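The contrast the passage draws is between a DACL, which decides by user identity and so gives a malicious program every right of the user running it, and a data-centric extension in which the protected document itself says which programs may touch it. The model below is an added illustration written for this page, not the paper's tool; the abstract does not describe the concrete form of its permission extension, so the "trusted programs" attribute, the ACE shape, and all user, program and document names here are assumptions constructed for the example.

```python
"""Toy model of a data-centric file-permission extension (added illustration,
not the paper's Windows NT/2000 tool). ACE shape, names and files are constructed."""
from dataclasses import dataclass

READ, WRITE = "R", "W"


@dataclass
class Ace:
    """One NT-style discretionary access-control entry: principal, rights, allow or deny."""
    principal: str
    rights: str
    allow: bool = True


@dataclass
class DocumentAcl:
    """A document's DACL plus the assumed data-centric extension: the set of
    program images permitted to open the document. Empty means 'not protected'."""
    aces: list
    trusted_programs: frozenset = frozenset()


def dacl_allows(acl: DocumentAcl, user: str, right: str) -> bool:
    """Classic DAC decision: explicit deny entries are evaluated before allow
    entries (NT canonical ordering); a user with no matching entry gets nothing."""
    for ace in sorted(acl.aces, key=lambda a: a.allow):   # deny (False) sorts first
        if ace.principal == user and right in ace.rights:
            return ace.allow
    return False


def open_document(acl: DocumentAcl, user: str, program: str, right: str) -> tuple:
    """Extended check: the user's DACL rights stay necessary but, for a protected
    document, are no longer sufficient; the requesting program must be trusted too."""
    if not dacl_allows(acl, user, right):
        return False, "denied by DACL"
    if acl.trusted_programs and program not in acl.trusted_programs:
        return False, "program not trusted for this document"
    return True, "granted"


# Constructed documents: the thesis carries a trusted-program list, the budget
# spreadsheet carries only an ordinary DACL.
THESIS = DocumentAcl([Ace("alice", "RW"), Ace("bob", "R", allow=False)],
                     trusted_programs=frozenset({"winword.exe"}))
BUDGET = DocumentAcl([Ace("alice", "RW")])


def demo() -> dict:
    return {
        # Normal editing is unaffected by the extension.
        "alice/winword writes thesis": open_document(THESIS, "alice", "winword.exe", WRITE)[0],
        # A malicious program running as alice holds her DACL rights but is not trusted.
        "alice/dropper writes thesis": open_document(THESIS, "alice", "dropper.exe", WRITE)[0],
        # The same program still reaches the untagged file: the layer protects only
        # the documents the owner chose to protect.
        "alice/dropper writes budget": open_document(BUDGET, "alice", "dropper.exe", WRITE)[0],
        # Ordinary DAC still applies on its own.
        "bob/winword reads thesis": open_document(THESIS, "bob", "winword.exe", READ)[0],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'allow' if ok else 'deny':5}  {name}")
```

The budget case is the caveat a practitioner should keep in mind with any data-centric scheme: a document the user never tagged is exactly as exposed as it was under plain DAC, which is why the abstract positions the tool as an additional layer beyond antivirus rather than a replacement for it.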