A Proposed Taxonomy of Software Weapons

The computer security community of today can be compared to the American Wild West once upon a time; no real law and order and a lot of new citizens. The terms and classification schemes used in the computer security field today are not standardised. Thus the field is hard to take in, there is a risk of misunderstandings, and there is a risk that the scientific work is being hampered.Therefore this report presents a proposal for a taxonomy of software based IT weapons. After an account of the theories governing the formation of a taxonomy, and a presentation of the requisites, seven taxonomies from different parts of the computer security field are evaluated. Then the proposed new taxonomy is introduced and the inclusion of each of the 15 categories is motivated and discussed in separate sections…

Contents

1 Introduction
1.1 Background
1.2 Purpose
1.3 Questions to be answered
1.4 Scope
1.5 Method
1.6 Intended readers
1.7 Why read the NordSec paper?
1.7.1 Chronology of work
1.7.2 Sequence of writing
1.7.3 Line of thought
1.8 Structure of the thesis
2 The abridged NordSec paper
2.1 A Taxonomy of Software Weapons
2.1.1 A Draft for a Taxonomy
3 Theory
3.1 Why do we need a taxonomy?
3.1.1 In general
3.1.2 Computer security
3.1.3 FOI
3.1.4 Summary of needs
3.2 Taxonomic theory
3.2.1 Before computers
3.2.2 Requirements of a taxonomy
3.3 Definition of malware
4 Earlier malware categorisations
4.1 Boney
4.1.1 Summary of evaluation
4.2 Bontchev
4.2.1 Summary of evaluation
xixii CONTENTS
4.3 Brunnstein
4.3.1 Summary of evaluation
4.4 CARO
4.4.1 Summary of evaluation
4.5 Helenius
4.5.1 Harmful program code
4.5.2 Virus by infection mechanism
4.5.3 Virus by general characteristics
4.5.4 Summary of evaluation
4.6 Howard-Longstaff
4.6.1 Summary of evaluation
4.7 Landwehr
4.7.1 Summary of evaluation
4.8 Conclusio
5 TEBIT
5.1 Definition
5.1.1 Instructions
5.1.2 Successful
5.1.3 Attack
5.2 Taxonomy
5.3 In depth
5.3.1 Type
5.3.2 Violates
5.3.3 Duration of effect
5.3.4 Targeting
5.3.5 Attack
5.3.6 Functional area
5.3.7 Affected data
5.3.8 Used vulnerability
5.3.9 Topology of source
5.3.10 Target of attack
5.3.11 Platform dependency
5.3.12 Signature of replicated code
5.3.13 Signature of attack
5.3.14 Signature when passive
5.3.15 Signature when active
5.4 In practice
6 Discussion
6.1 General defences
6.2 How a taxonomy increases security
6.3 In the future
6.4 Summary
7 Acronyms
Bibliography

Author: Karresand, Martin

Source: Linköping University

Download URL 2: Visit Now