Analysis of Security Risk Controllability for Windows OS

doi:10.3969/j.issn.1671-1122.2015.04.002

Abstract

Abstract:

With the popularization and rapid development of internet, the problems concerning information security have become increasingly prominent, causing increasing security risks. Information systems, networks, and network applications have been attacked frequently, and the attacking methods have become increasingly sophisticated, mature, and diverse. As the most popular OS worldwide, Windows system naturally has received more attacks than others. Facing the more advanced attacks, Microsoft constantly launches new version of Windows with new security features. Among these security features, the improvement of controllability is important to reduce security risks. Not only the security risk controllability of an information system should be assured, but also the users can control the security risks to a certain extent. This paper analyzes and discusses what new security mechanisms have been introduced based on Windows 8, and what existing security solutions have been improved in this new version, and lastly how these new measures impact on the security risk controllability.

Key words: Windows, controllability, security features

CLC Number:

TP309

QING Si-han, CHENG Wei, DU Chao. Analysis of Security Risk Controllability for Windows OS[J]. Netinfo Security, 2015, 15(4): 5-12.

Figures/Tables 8

References 17

[1]	Microsoft corporation. Windows 8 security improvements[EB/OL]. .aspx, 2015.
[2]	Microsoft corporation. What's Changed in Security Technologies in Windows 8.1[EB/OL]..aspx, 2013.
[3]	UEFI Forum. Unified Extensible Firmware Interface Specification Version 2.4[EB/OL]., 2013.
[4]	Microsoft corporation. Early Launch Anti-Malware[EB/OL]. .aspx, 2015.
[5]	Trusted Computing Group. Trusted Platform Module (TPM) Specifications[EB/OL]., 2015.
[6]	Ben Hawkes. Attacking the Vista Heap[EB/OL]., 2008.
[7]	Microsoft corporation. Data Execution Prevention[EB/OL]..aspx, 2015.
[8]	Michael Howard. Address Space Layout Randomization in Windows Vista[EB/OL]. , 2006.
[9]	Dionysus Blazakis. Interpreter Exploitation: Pointer Inference and JIT Spraying. Black Hat[EB/OL]., 2010 .
[10]	XiaBo Chen, Jun Xie. Defeat Windows 7 Browser Memory Protection[C]//XCon, 2010.
[11]	Microsoft corporation. AppLocker Overview[EB/OL]..aspx, 2012.
[12]	Microsoft corporation. BitLocker[EB/OL]..aspx, 2014.
[13]	Microsoft corporation. Windows Defender Guide[EB/OL]..aspx, 2015.
[14]	Microsoft corporation. Windows 7 Security Baseline[EB/OL]..aspx,2013.
[15]	Microsoft corporation. Security Development Lifecycle[EB/OL]., 2015.
[16]	Matt Miller, Ken Johnson.Exploit Mitigation Improvements in Windows 8[C]// Black Hat USA, 2012.
[17]	Zhenhua Eric Liu.Advanced Heap Manipulation in Windows 8[C]// Black Hat USA, 2013.