Relevance of Security Features Introduced in Modern Windows OS

Perustieteiden korkeakoulu | Master's thesis
Date
2019-06-17
Major/Subject
Computer Science
Mcode
CS
Degree programme
Master’s Programme in Computer, Communication and Information Sciences
Language
en
Pages
84
Abstract
Modern Windows operating systems contain a large collection of built-in security features. This thesis covers three of them: Early Launch Antimalware, Protected Processes Light and Control Flow Guard. The thesis discusses the internal mechanism of each feature and examines how effective each of them was against real attack cases. It also describes how each of the attacks works and why the features were or were not able to counter them. The thesis then provides some proofs of concept to demonstrate practical approaches by which attackers might adapt to the new defenses. Finally, the thesis explains why it is important to understand the features as fully as possible, by showing how some of them depend on other features to be effective. The thesis also provides some advice to both end users and software vendors with regard to how the selected features would affect them moving forward.
Supervisor
Asokan, N
Thesis advisor
Palumbo, Paolo
Keywords
ELAM, early launch antimalware, PPL, protected processes light, CFG, control flow guard