Study of whitelisting mechanisms in Windows operating systems: bypassing techniques and security controls
Keywords: AppLocker; SRP; Whitelisting mechanisms; Whitelisting; Windows; Bypassing techniques; Security controls
Modern operating systems incorporate several techniques for system security. Whitelisting is a common technique for securing the network, the system and the application layer. Application whitelisting tools such as AppLocker are supported by modern operating systems and offer the ability to dynamically control the access of individual users or groups at the application level. The purpose of this thesis is to compare the individual features of two particularly popular whitelisting tools for Windows operating systems (Software Restriction Policy, AppLocker). More specifically, in the context of a company's organizational structure, we examine the operation, the capabilities, the differences and the effective security configuration of these tools. In addition, we analyze and test known bypassing techniques for these whitelisting tools, as well as the security measures available to counter them effectively. Finally, the most important conclusions are presented, along with suggestions for future work.