Identification and Exploitation of Vulnerabilities in a Large-Scale IT System
KTH, School of Electrical Engineering and Computer Science (EECS).
2019 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Alternative title: Identifiering och uttnytjande av sårbarheter i ett storskaligt IT-system. (Swedish)
Abstract [en]

This thesis presents the results of a vulnerability assessment and exploit development targeting a large-scale IT-system. Penetration testing and threat modelling were used to identify vulnerabilities in the system. This resulted in the identification of five vulnerabilities and the development of a reliable denial of service exploit using an authentication bypass and a stack-based buffer overflow. The consequences of the vulnerabilities and the exploit are discussed and set into a broader perspective. The conclusion is that the results from this thesis can help improve the security of the IT-system. However, the identification of additional vulnerabilities could lead to a more potent exploit.

Abstract [sv]

In this degree project, a large-scale IT system has been security-reviewed. The methods used are penetration testing and threat modelling. The result is a reliable denial of service attack that exploits two of the five vulnerabilities that were discovered. The attack exploits a flaw in the authorization flow and a buffer overflow. The consequences of the attack and the vulnerabilities are discussed. The conclusion is that the result will contribute to making the IT system more secure, but if more vulnerabilities had been found, the attack could have had a greater effect on the target.

Place, publisher, year, edition, pages
2019. p. 87
Series
TRITA-EECS-EX ; 2019:501
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-261423
OAI: oai:DiVA.org:kth-261423
DiVA, id: diva2:1358429
Educational program
Master of Science in Engineering - Computer Science and Technology
Supervisors
Examiners
Available from: 2019-10-08 Created: 2019-10-07 Last updated: 2019-10-08 Bibliographically approved

Open Access in DiVA

fulltext (991 kB), 6 downloads
File information
File name: FULLTEXT01.pdf
File size: 991 kB
Checksum SHA-512:
39f983effbbbcb663882d8ae1010c35438db910694591ea4b31dbf0ba2e244304c8c800c9c7e999976a9d883e4033c4f33f90f11023e766251969d1a9aee4c34
Type: fulltext
Mimetype: application/pdf