OPERATING SYSTEM SECURITYMODELING : An Experimental Study on the CySeMoL model

Abstract: In this Master Thesis, several common applications and Windows operating systemservices are modeled within the field of information security. This thesis focuses onapplying the Enterprise Architecture Analysis Tool (EAAT) and the Cyber SecurityModeling Language (CySeMoL), which are developed by the Department of IndustrialInformation and Control System (ICS) at KTH. The overall objective of this study is todetermine the probability of the CySeMol model with a particular kind of attack. Theproject models six common applications on Windows platform and two Windowsoperating system services. The detailed information regarding the applications and defensemechanism are acquired from various sources. A few experiments have been carried out tovalidate the correctness of the predicted probabilities calculated by the CySeMoL. Theresults of the analysis suggest that the CySeMoL model has a good performance onoperating system vulnerability prediction. At last, some possible suggestions in the contextof the CySeMoL model are given.