Ontological lockdown assessment : a thesis presented in partial fulfilment of the requirements for the degree of Master of Science in Information Technology at Massey University, Palmerston North, New Zealand
In order to keep shared access computers secure and stable system administrators resort
to locking down the computing environment in order to prevent intentional and
unintentional damage by users. Skilled attackers are often able to break out of locked
down computing environments and intentionally misuse shared access computers. This
misuse has resulted in cases of mass identity theft and fraud, some of which have had an
estimated cost ranging in millions.
In order to determine if it is possible to break out of locked down computing
environments an assessment method is required. Although a number of vulnerability
assessment techniques exist, none of the existing techniques are sufficient for assessing
locked down shared access computers. This is due to the existing techniques focusing
on traditional, application specific, software vulnerabilities. Break out path
vulnerabilities (which are exploited by attackers in order to break out of locked down
environments) differ substantially from traditional vulnerabilities, and as a consequence
are not easily discovered using existing techniques.
Ontologies can be thought of as a modelling technique that can be used to capture
expert knowledge about a domain of interest. The method for discovering break out
paths in locked down computers can be considered expert knowledge in the domain of
shared access computer security. This research proposes an ontology based assessment
process for discovering break out path vulnerabilities in locked down shared access
computers. The proposed approach is called the ontological lockdown assessment
process. The ontological lockdown assessment process is implemented against a real
world system and successfully identifies numerous break out path vulnerabilities.