Segurança informática
: vulnerabilidades aplicacionais

  • Tiago Miguel Brito da Silva (Student)

Student thesis: Master's Thesis

Abstract

With the advent of computers and the current dependence of population on these machines, there is a need to improve security systems. Since some years ago a buffer overflow and DLL injection vulnerabilities are considered critical, because they are often used to attack computers on the network. An anonymous attacker, when performing such an attack, seek illegal access to a computer, many of these attacks are provided from the application of social engineering. The alliance between illegal access to a system via a vulnerability with the use of Social Engineering, aims to create a hybrid attack. In order to protect a system, it is necessary to identify potential threats and therefore know and predict the attack possible way of act. Given this scenario, it was necessary to create safeguards that minimize the risk of attack, these measures may be the training given to users and establishing a set of criteria to evaluate a system, to its confidentiality, integrity and availability. To prove that the new security features of current operating systems are effective against some of these vulnerabilities, this study sought to build a malware that can test these same features. This program encompasses an attack by injecting a DLL, followed by an escalation of privileges, culminating with the theft of user information. In the proposed methodology attempts to verify the conditions under which protection systems operating systems give way and allow the installation of malware. Through the proposed methodology was able to verify the operating systems that can prevent the attack. In order to prevent and improve the most current operating systems need new ways to develop secure software, based on the application of existing theories, such as the adoption of a development process that considers the safety requirements as an integral part of the construction project software. This work is expected to contribute to the improvement of safety systems operating systems.
Date of Award2012
Original languagePortuguese
Awarding Institution
  • Universidade Católica Portuguesa
SupervisorTito Lívio dos Santos Silva (Supervisor)

Keywords

  • Buffer overflow
  • Vulnerability
  • Social engineering
  • Security

Designation

  • Mestrado em Engenharia Informática

Cite this

Links

'