Högskolan i Skövde

his.sePublications
Planned maintenance
A system upgrade is planned for 24/9-2024, at 12:00-14:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Guidelines for white box penetration testing wired devices in secure network environments
University of Skövde, School of Informatics.
2023 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

As technology is becoming a prevalent and ubiquitous part of society, increasing levels of cybercrime have drawn attention to the need for suitable frameworks for ensuring the security of systems by conducting penetration tests. There are several large and established frameworks for doing so, and they tend to focus on complicated large systems with multiple endpoints, devices, and network layers. The majority of new penetration testing research is also directed toward this scenario, by building automated tools that rely on new research in artificial intelligence. 

While it is admirable to see research adapt to address the tendency toward complexity in networks and systems, it has created a research gap in the other direction. There is no specialized type of framework to accurately and efficiently test an important type of scenario where there is a wired network device in a secure environment that is subject to the risk of insider threat. The large established frameworks mostly advocate for testing using a black-box approach and automated tools. This approach is unsuitable for the scenario since it is likely to produce a level of false positives that is too high, and black box testing also contains steps that are slow and unnecessary. 

This master thesis project has created a set of specialized penetration testing guidelines that are tailored to handle the scenario. By instead adopting a customized white-box approach and using mostly manual tools, the guidelines are built for accuracy, efficiency, and addressing the dangerous risk of insider threats. They were developed based on a systematic literature review of the scientific field. Further, they were produced using Design Science Research methodology, and evaluated by an expert panel of three professional penetration testers. They were also tested in a real-life scenario at a government agency focused on national security. The tests were able to find three vulnerabilities of the target device, where two of them would have been missed by a black-box approach. Compared to the established frameworks, the developed guidelines are estimated to be at least 20 percent faster. 

Place, publisher, year, edition, pages
2023. , p. 3, 72
Keywords [en]
Penetration test, security assessment, white box, secure network, framework, methodology, guidelines
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-22993OAI: oai:DiVA.org:his-22993DiVA, id: diva2:1781017
External cooperation
Swedish Police Authority (Polismyndigheten)
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Supervisors
Examiners
Available from: 2023-07-06 Created: 2023-07-06 Last updated: 2023-07-06Bibliographically approved

Open Access in DiVA

fulltext(1426 kB)1054 downloads
File information
File name FULLTEXT01.pdfFile size 1426 kBChecksum SHA-512
330acdff0abbcc379d407e0af3d88ffd6c7bbac81b1b6a620f16531ba4c63a3bb09a0d09377af04da7662e04de5d24a06d3dd189cb35de96b950ecf5852ee01e
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 1054 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 840 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf