2016 Eighth International Conference on Measuring Technology and Mechatronics Automation

Research on the Security Problem in Windows 7 Operating System

Fan Yile
Hainan vocational college of political science and law institute, Haikou 571100 China
[email protected]

Abstract—Windows 7 is a personal computer operating system above important information network systems should tackle
developed by Microsoft Corporation, and it belongs to the threats of hacker’s invasion[7][8]. In recent years,
Windows NT family. This paper concentrates on the topic of Internet is widely exploited in contemporary social fife, and
analyzing the security level of Windows 7 Operating System, then people pay more and more attentions to the security
and security level of the information system highly depends on
problem of operating system. Moreover, operating system is
the operating system. To estimate the security grade of
Windows 7 operating system, we use the graph model to regarded as a bridge between hardware and upper layer
describe the relationships between vulnerabilities. In the software, and security of operating system is a crucial
proposed graph model, AND Structure and OR Structure are component of the entire information security system[9].
exploited. To testify the performance of the proposed security In order to avoid network threat and attack, we should
evaluation method, we collect 1358 Windows vulnerabilities to propose effective security mechanism to protect and defend
construct a dataset. In our experiment, Windows 98, Windows network threats. A good operating system should present
2000, Windows XP and Windows 7 are utilized, and three enough safe protection to the information resources, and
different types of user are applied, that is, distributed users, then prevent the abuse of the unauthorized users[10][11]. In
trusted users, and regular users. Experimental results
this paper, we aim to study on the security problem in
demonstrate that Window 7 achieve higher security level than
the former Windows version. windows 7 operating system.
The rest of the paper is organized as follows. Section 2
illustrates Overview of Microsoft Windows 7. In section 3,
we propose a method to evaluate the security of windows 7
Keywords- Security problem, Windows 7, Operating system, operating system. Section 4 gives experimental results and
Graph model. related analysis. Finally, the conclusions are drawn in
section 5.

I. INTRODUCTION II. OVERVIEW OF MICROSOFT WINDOWS 7

With the rapid development of computer and network Windows 7 refers to a personal computer operating
technology, information security has been a crucial problem system developed by Microsoft Corporation, and it belongs
in computer security management. Furthermore, security to a part of the Windows NT family of operating systems.
level of the information system highly depends on the In particular, Windows 7 was released to the software
operating system[1][2]. Thus, evaluating security of the market at 22 July 2009. Furthermore, Windows 7 is
operating system is of great importance for information designed and implemented to be an incremental upgrade to
security and operating system research. Operating system the former Windows version - Windows Vista, and strongly
refers to a kind of basic software which can solve the maintains its hardware and software compatibility.
computer hardware directly[3][4]. The security level of Windows 7 continued improvements user interface with the
operating system denotes the basic element of other addition of a redesigned taskbar.
application software securities. Without this safe foundation, On the other hand, some new features are introduced in
application systems and security systems cannot satisfy Windows 7, such as libraries, and a new file sharing system.
some basic guarantee. In the environment of the network, Particularly, a new Action Center is proposed to give an
the security highly depends on each host computer system overview of system security and maintenance information.
in it. Without security of the operating system, there are no In Windows 7, some stock applications are updated, such as
securities of host computer systems. Hence, the security of Internet Explorer 8, Windows Media Player, and Windows
operating system significantly affects all the computer Media Center and so on. Different from Windows Vista,
system[5]. Windows 7 performs better than its former version. In
Along with the important information networks general, Windows 7 is a successful product for Microsoft.
interconnected with Internet (such as the finance,
government affairs, commercial affairs, and Internet),
computer operating system has played an important role in
politics and economy management. At the same time, the

2157-1481/15 $31.00 © 2015 IEEE 568

DOI 10.1109/ICMTMA.2016.139
 Table. 1 Basic settings of Microsoft Windows 7 where Vt . X .Pc means the threat of consequence privilege
Attribute Value set of V on X , and Vh . X .Pp is the threat of premise

General privilege set for Vh on X .

22 October 2009
availability Then, the security risk is defined as follows.
Latest release Service Pack 1 (6.1.7601)
SR  X ,Vh  Vm  Vt 
Update method Windows Update

Platforms IA-32 and x86-64

 ST  X , Vh  Vm  Vt 

i h , m ,t
Vi
E (2)

Kernel type Hybrid

where symbol E means the attack complexity of Vi
License Proprietary commercial software Afterwards, we calculate the risk of a vulnerability
(denoted as  ) on X as follows.
Preceded by Windows Vista (2007)

Succeeded by Windows 8   X ,V   max  S  X , i)  , i vuV  (3)

where function S  denotes the security risk level, and

vuV refers to all correlative elements in the vulnerability
III. EVALUATING THE SECURITY OF WINDOWS 7
chain which is headed by V .
OPERATING SYSTEM
The objective security risk level (denoted as ) on X is
computed as follows.
In order to evaluate the security of Windows 7 operating
system, we utilize the graph model to describe the
relationships between vulnerabilities. In our graph model, TypeOS ,U   T1 , T2 ,L Tp  (4)
“AND Structure” and “OR Structure” are contained, where

 
AND-Structure refers to the precondition of estimating the
vulnerability v attack vi . Meanwhile, the OR Structure Ti . X  max  X ,V  TypeOS I V .Pp  U (5)
i

refers to that if there is a vi which is utilized successfully,

attackers is able to try to use next successive vulnerability IV. EXPERIMENT
v . Afterwards, we assume that there is a graph
G  V , E  , where V denotes a set of vulnerabilities, To test the performance of our security evaluation
method, we collect 1358 Windows vulnerabilities in the
and E is a set of directed edges. Next, we divide graph G
Bugtraq dataset. We construct a graph model to describe the
to several parts, which refer to different operating systems. security estimating problem in various versions of Windows,
Thus, vi  v j  vk refers to a vulnerability chain from including: Windows 98, Windows 2000, Windows XP and
vi to vk . Windows 7. That is, TypeOS  {Windows 98, Windows
In order to compute the security level of Windows 7, we 2000, Windows XP and Windows 7}. Moreover, three types
define the security level of a vulnerability for a correlative of testing users are used, that is, U  {Distributed users,
chain as follows. Trusted users, and Regular users}. The number of
For a vulnerability chain Vh  Vm  Vt on the vulnerabilities for different types of Windows versions is
listed in Fig. 1.
attribute, the security threat is defined as follows.

ST  X ,Vh  Vm  Vt 
(1)
 Vt . X .Pc  Vh . X .Pp  X C ,U , A

569
 0.7
Confidentiality
1000
0.6 Authenticity
900
Availability
Number of vulnerabilities

800 0.5

700 0.4
600
0.3
500
0.2
400
300 0.1

200 0
100 Windows 98 Windows NT Windows Windows XP Windows 7
2000
0
Windows Windows Windows Windows Windows Figure 3. Risk sum of vulnerabilities for distributed users,
98 NT 2000 XP 7

Figure 1. Number of vulnerabilities for different types of Windows Confidentiality Authenticity Availability
versions
1

Fig. 1 demonstrates that Windows 7 performs better than 0.95

others, because the number of vulnerabilities for Windows 7
is lower than others. 0.9

Then, risk sum of vulnerabilities for different types of

0.85
Windows versions are given as follows.
0.8

0.9 Confidentiality
0.75
0.8 Authenticity Windows 98 Windows NT Windows Windows XP Windows 7
0.7 Availability 2000

0.6 Figure 4. Risk sum of vulnerabilities for trusted users

0.5

0.4

0.3 1 Confidentiality
0.2 0.9 Authenticity
0.1 0.8 Availability
0 0.7
Windows 98 Windows NT Windows Windows XP Windows 7 0.6
2000
0.5
Figure 2. Risk sum of vulnerabilities for different types of Windows 0.4
versions 0.3
0.2
0.1
From Fig. 2, we can see that for all performance
0
evaluation metric confidentiality, authenticity and Windows 98 Windows NT Windows Windows XP Windows 7
availability, Windows 7 can achieve higher level of system 2000
security than others.
Figure 5. Risk sum of vulnerabilities for regular users.

From Fig. 3 to Fig. 5, we find that for Distributed users,

Trusted users, and Regular users, security level of Windows
7 is higher than the former Windows versions.

570
 V. CONCLUSION

In this paper, we study on the security problems of

Windows 7 operating system. Particularly, in order to
evaluate the security grade of Windows 7 operating system,
we develop the graph model to mine the correlations
between different vulnerabilities, and we design AND
Structure and OR Structure to model the security evaluation
problem. Finally, experimental results can prove that
compared with the former windows version, Window 7
achieve higher security performance.

REFERENCE

[1] Barasa Maulidi, Aganda Alex, Wind power variability of selected

sites in Kenya and the impact to system operating reserve, Renewable
Energy, 2016, 85: 464-471
[2] Kvalnes Age, Johansen Dag, van Renesse Robbert, Schneider Fred B.,
Valvag Steffen Viken, Omni-Kernel: An Operating System
Architecture for Pervasive Monitoring and Scheduling, IEEE
Transactions on Parallel and Distributed Systems, 2015, 26(10):
2849-2862
[3] Hsu Fu-Hau, Wu Min-Hao, Chang Yi-Wen, Wang Shiuh-Jeng, Web
security in a windows system as PrivacyDefender in private browsing
mode, Multimedia Tools and Applications, 2015, 74(5): 1667-1688.
[4] Salah Khaled, Alcaraz Calero Jose M., Bernabe Jorge Bernal, Perez
Juan M. Marin, Zeadally Sherali, Analyzing the security of Windows
7 and Linux for cloud computing, Computers & Security, 2013, 34:
113-122.
[5] Kaczmarek Jerzy, Wrobel Michal R., Operating system security by
integrity checking and recovery using write-protected storage, IET
Information Security, 2014, 8(2): 122-131
[6] Lee Chanhee, Kim Jonghwa, Cho Seong-je, Choi Jongmoo, Park
Yeongung, Unified security enhancement framework for the Android
operating system, Journal of Supercomputing, 2014, 67(3): 738-756
[7] Aziz Benjamin, Sporea Ioana, Security and Vo Management
Capabilities in a Large-scale Grid Operating System, Computing and
Informatics, 2014, 33(2): 303-326
[8] Liu Kun, Tian Miao, Liu Tiegen, et al., A High-Efficiency Multiple
Events Discrimination Method in Optical Fiber Perimeter Security
System, Journal of Lightwave Technology, 2015, 33(23): 4885-4890
[9] Sturesson Marine, Bylund Sonya Hornqvist, Edlund Curt, Falkdal
Annie Hansen, Bernspang Birgita, Quality in sickness certificates in a
Swedish social security system perspective, Scandinavian Journal of
Public Health, 2015, 43(8): 841-847
[10] Deane J. P., Gracceva Francesco, Chiodi Alessandro, Gargiulo
Maurizio Gallachoir Brian P. O., Assessing power system security. A
framework and a multi model approach, International Journal of
Electrical Power & Energy Systems, 2015, 73: 283-297
[11] Jiang Ting, Yang Ming, Zhang Yi, Research and implementation of
M2M smart home and security system, Security and Communication
Networks, 2015, 8(16): 2704-2711

571