PMCAP: A Threat Model of Process Memory Data on the Windows Operating System
Joint Authors
Source
Security and Communication Networks
Issue
Vol. 2017, Issue 2017 (31 Dec. 2017), pp.1-15, 15 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2017-05-22
Country of Publication
Egypt
No. of Pages
15
Main Subjects
Information Technology and Computer Science
Abstract EN
Research on endpoint security involves both traditional PC platform and prevalent mobile platform, among which the analysis of software vulnerability and malware is one of the important contents.
For researchers, it is necessary to carry out nonstop exploration of the insecure factors in order to better protect the endpoints.
Driven by this motivation, we propose a new threat model named Process Memory Captor (PMCAP) on the Windows operating system which threatens the live process volatile memory data.
Compared with other threats, PMCAP aims at dynamic data in the process memory and uses a noninvasive approach for data extraction.
In this paper we describe and analyze the model and then give a detailed implementation taking four popular web browsers IE, Edge, Chrome, and Firefox as examples.
Finally, the model is verified through real experiments and case studies.
Compared with existing technologies, PMCAP can extract valuable data at a lower cost; some techniques in the model are also suitable for memory forensics and malware analysis.
American Psychological Association (APA)
Pan, Jiaye& Zhuang, Yi. 2017. PMCAP: A Threat Model of Process Memory Data on the Windows Operating System. Security and Communication Networks،Vol. 2017, no. 2017, pp.1-15.
https://search.emarefa.net/detail/BIM-1202926
Modern Language Association (MLA)
Pan, Jiaye& Zhuang, Yi. PMCAP: A Threat Model of Process Memory Data on the Windows Operating System. Security and Communication Networks No. 2017 (2017), pp.1-15.
https://search.emarefa.net/detail/BIM-1202926
American Medical Association (AMA)
Pan, Jiaye& Zhuang, Yi. PMCAP: A Threat Model of Process Memory Data on the Windows Operating System. Security and Communication Networks. 2017. Vol. 2017, no. 2017, pp.1-15.
https://search.emarefa.net/detail/BIM-1202926
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1202926