A Study of Rootkit Stealth Techniques and Associated Detection Methods

Nerenberg, Daniel D.

A Study of Rootkit Stealth Techniques and Associated Detection Methods

Active / Technical Report | Accession Number: ADA519999 |

Open PDF

Abstract:

In todays world of advanced computing power at the fingertips of any user, we must constantly think of computer security. Information is power and this power is had within our computer systems. If we can not trust the information within our computer systems then we can not properly wield the power that comes from such information. Rootkits are software programs that are designed to develop and maintain an environment in which malware may hide on a computer system after successful compromise of that computer system. Rootkits cut at the very foundation of the trust that we put in our information and subsequent power. This thesis seeks to understand rootkit hiding techniques, rootkit finding techniques and develops attack trees and defense trees in order to help us identify deficiencies in detection to further increase the trust in our information systems.

Author(s):

Nerenberg, Daniel D.

Author Organization(s):

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT

Descriptive Note:

Master's thesis

Supplementary Note:

The original document contains color images.

Pagination:

0084

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

AFIT/GCE/ENG/07-10

Contract/Grant Number(s):

DACA99-99-C-9999

Monitor Series:

AFRL/SNT

Subject Terms

Joint Capability Areas:

JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.4.2_Protect Data and Networks; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_5_Command and Control; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_1_Force Support; JCA_1.2.7_Experimentation; JCA_1.2_Force Preparation; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_1.2.6_Concepts

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*DATA PROCESSING SECURITY, DETECTION, THESES, COMPUTER PROGRAMS, INFORMATION SYSTEMS

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

ROOTKITS, ATTACK TREES, DEFENSE TREES

Report Date:

2007 Mar 01

Creation Date:

2010 May 26