2016 Eighth International Conference on Measuring Technology and Mechatronics Automation
Research on the Security Problem in Windows 7 Operating System
Fan Yile
Hainan vocational college of political science and law institute, Haikou 571100 China
Fyl2016ieee@163.com
Abstract—Windows 7 is a personal computer operating system
developed by Microsoft Corporation, and it belongs to
Windows NT family. This paper concentrates on the topic of
analyzing the security level of Windows 7 Operating System,
and security level of the information system highly depends on
the operating system. To estimate the security grade of
Windows 7 operating system, we use the graph model to
describe the relationships between vulnerabilities. In the
proposed graph model, AND Structure and OR Structure are
exploited. To testify the performance of the proposed security
evaluation method, we collect 1358 Windows vulnerabilities to
construct a dataset. In our experiment, Windows 98, Windows
2000, Windows XP and Windows 7 are utilized, and three
different types of user are applied, that is, distributed users,
trusted users, and regular users. Experimental results
demonstrate that Window 7 achieve higher security level than
the former Windows version.
Keywords- Security problem, Windows 7, Operating system,
Graph model.
I. INTRODUCTION
With the rapid development of computer and network
technology, information security has been a crucial problem
in computer security management. Furthermore, security
level of the information system highly depends on the
operating system[1][2]. Thus, evaluating security of the
operating system is of great importance for information
security and operating system research. Operating system
refers to a kind of basic software which can solve the
computer hardware directly[3][4]. The security level of
operating system denotes the basic element of other
application software securities. Without this safe foundation,
application systems and security systems cannot satisfy
some basic guarantee. In the environment of the network,
the security highly depends on each host computer system
in it. Without security of the operating system, there are no
securities of host computer systems. Hence, the security of
operating system significantly affects all the computer
system[5].
Along with the important information networks
interconnected with Internet (such as the finance,
government affairs, commercial affairs, and Internet),
computer operating system has played an important role in
politics and economy management. At the same time, the
2157-1481/15 $31.00 © 2015 IEEE
DOI 10.1109/ICMTMA.2016.139
above important information network systems should tackle
the threats of hacker’s invasion[7][8]. In recent years,
Internet is widely exploited in contemporary social fife, and
then people pay more and more attentions to the security
problem of operating system. Moreover, operating system is
regarded as a bridge between hardware and upper layer
software, and security of operating system is a crucial
component of the entire information security system[9].
In order to avoid network threat and attack, we should
propose effective security mechanism to protect and defend
network threats. A good operating system should present
enough safe protection to the information resources, and
then prevent the abuse of the unauthorized users[10][11]. In
this paper, we aim to study on the security problem in
windows 7 operating system.
The rest of the paper is organized as follows. Section 2
illustrates Overview of Microsoft Windows 7. In section 3,
we propose a method to evaluate the security of windows 7
operating system. Section 4 gives experimental results and
related analysis. Finally, the conclusions are drawn in
section 5.
II. OVERVIEW OF MICROSOFT WINDOWS 7
Windows 7 refers to a personal computer operating
system developed by Microsoft Corporation, and it belongs
to a part of the Windows NT family of operating systems.
In particular, Windows 7 was released to the software
market at 22 July 2009. Furthermore, Windows 7 is
designed and implemented to be an incremental upgrade to
the former Windows version - Windows Vista, and strongly
maintains its hardware and software compatibility.
Windows 7 continued improvements user interface with the
addition of a redesigned taskbar.
On the other hand, some new features are introduced in
Windows 7, such as libraries, and a new file sharing system.
Particularly, a new Action Center is proposed to give an
overview of system security and maintenance information.
In Windows 7, some stock applications are updated, such as
Internet Explorer 8, Windows Media Player, and Windows
Media Center and so on. Different from Windows Vista,
Windows 7 performs better than its former version. In
general, Windows 7 is a successful product for Microsoft.
568
 Table. 1 Basic settings of Microsoft Windows 7 where Vt . X .Pc means the threat of consequence privilege
Attribute Value set of V on X , and Vh . X .Pp is the threat of premise

General privilege set for Vh on X .

22 October 2009
availability Then, the security risk is defined as follows.
Latest release Service Pack 1 (6.1.7601)
SR  X ,Vh  Vm  Vt 
Update method Windows Update

Platforms IA-32 and x86-64

 ST  X , Vh  Vm  Vt 

i h , m ,t
Vi
E (2)

Kernel type Hybrid

where symbol E means the attack complexity of Vi
License Proprietary commercial software Afterwards, we calculate the risk of a vulnerability
(denoted as  ) on X as follows.
Preceded by Windows Vista (2007)

Succeeded by Windows 8   X ,V   max  S  X , i)  , i vuV  (3)

where function S  denotes the security risk level, and

vuV refers to all correlative elements in the vulnerability
III. EVALUATING THE SECURITY OF WINDOWS 7
chain which is headed by V .
OPERATING SYSTEM
The objective security risk level (denoted as ) on X is
computed as follows.
In order to evaluate the security of Windows 7 operating
system, we utilize the graph model to describe the
relationships between vulnerabilities. In our graph model, TypeOS ,U   T1 , T2 ,L Tp  (4)
“AND Structure” and “OR Structure” are contained, where

 
AND-Structure refers to the precondition of estimating the
vulnerability v attack vi . Meanwhile, the OR Structure Ti . X  max  X ,V  TypeOS I V .Pp  U (5)
i

refers to that if there is a vi which is utilized successfully,

attackers is able to try to use next successive vulnerability
v . Afterwards, we assume that there is a graph
G  V , E  , where V denotes a set of vulnerabilities,
and E is a set of directed edges. Next, we divide graph G
to several parts, which refer to different operating systems.
Thus, vi  v j  vk refers to a vulnerability chain from
vi to vk .
In order to compute the security level of Windows 7, we
define the security level of a vulnerability for a correlative
chain as follows.
For a vulnerability chain Vh  Vm  Vt on the
attribute, the security threat is defined as follows.
IV. EXPERIMENT
To test the performance of our security evaluation
method, we collect 1358 Windows vulnerabilities in the
Bugtraq dataset. We construct a graph model to describe the
security estimating problem in various versions of Windows,
including: Windows 98, Windows 2000, Windows XP and
Windows 7. That is, TypeOS  {Windows 98, Windows
2000, Windows XP and Windows 7}. Moreover, three types
of testing users are used, that is, U  {Distributed users,
Trusted users, and Regular users}. The number of
vulnerabilities for different types of Windows versions is
listed in Fig. 1.

ST  X ,Vh  Vm  Vt 
(1)
 Vt . X .Pc  Vh . X .Pp  X C ,U , A

569
 0.7
Confidentiality
1000
0.6 Authenticity
900
Availability
Number of vulnerabilities

800 0.5

700 0.4
600
0.3
500
0.2
400
300 0.1

200 0
100 Windows 98 Windows NT Windows Windows XP Windows 7
2000
0
Windows Windows Windows Windows Windows Figure 3. Risk sum of vulnerabilities for distributed users,
98 NT 2000 XP 7

Figure 1. Number of vulnerabilities for different types of Windows Confidentiality Authenticity Availability
versions
1

Fig. 1 demonstrates that Windows 7 performs better than 0.95

others, because the number of vulnerabilities for Windows 7
is lower than others. 0.9

Then, risk sum of vulnerabilities for different types of

0.85
Windows versions are given as follows.
0.8

0.9 Confidentiality
0.75
0.8 Authenticity Windows 98 Windows NT Windows Windows XP Windows 7
0.7 Availability 2000

0.6 Figure 4. Risk sum of vulnerabilities for trusted users

0.5

0.4

0.3 1 Confidentiality
0.2 0.9 Authenticity
0.1 0.8 Availability
0 0.7
Windows 98 Windows NT Windows Windows XP Windows 7 0.6
2000
0.5
Figure 2. Risk sum of vulnerabilities for different types of Windows 0.4
versions 0.3
0.2
0.1
From Fig. 2, we can see that for all performance
0
evaluation metric confidentiality, authenticity and Windows 98 Windows NT Windows Windows XP Windows 7
availability, Windows 7 can achieve higher level of system 2000
security than others.
Figure 5. Risk sum of vulnerabilities for regular users.

From Fig. 3 to Fig. 5, we find that for Distributed users,

Trusted users, and Regular users, security level of Windows
7 is higher than the former Windows versions.

570
 V. CONCLUSION

In this paper, we study on the security problems of

Windows 7 operating system. Particularly, in order to
evaluate the security grade of Windows 7 operating system,
we develop the graph model to mine the correlations
between different vulnerabilities, and we design AND
Structure and OR Structure to model the security evaluation
problem. Finally, experimental results can prove that
compared with the former windows version, Window 7
achieve higher security performance.

REFERENCE

[1] Barasa Maulidi, Aganda Alex, Wind power variability of selected

sites in Kenya and the impact to system operating reserve, Renewable
Energy, 2016, 85: 464-471
[2] Kvalnes Age, Johansen Dag, van Renesse Robbert, Schneider Fred B.,
Valvag Steffen Viken, Omni-Kernel: An Operating System
Architecture for Pervasive Monitoring and Scheduling, IEEE
Transactions on Parallel and Distributed Systems, 2015, 26(10):
2849-2862
[3] Hsu Fu-Hau, Wu Min-Hao, Chang Yi-Wen, Wang Shiuh-Jeng, Web
security in a windows system as PrivacyDefender in private browsing
mode, Multimedia Tools and Applications, 2015, 74(5): 1667-1688.
[4] Salah Khaled, Alcaraz Calero Jose M., Bernabe Jorge Bernal, Perez
Juan M. Marin, Zeadally Sherali, Analyzing the security of Windows
7 and Linux for cloud computing, Computers & Security, 2013, 34:
113-122.
[5] Kaczmarek Jerzy, Wrobel Michal R., Operating system security by
integrity checking and recovery using write-protected storage, IET
Information Security, 2014, 8(2): 122-131
[6] Lee Chanhee, Kim Jonghwa, Cho Seong-je, Choi Jongmoo, Park
Yeongung, Unified security enhancement framework for the Android
operating system, Journal of Supercomputing, 2014, 67(3): 738-756
[7] Aziz Benjamin, Sporea Ioana, Security and Vo Management
Capabilities in a Large-scale Grid Operating System, Computing and
Informatics, 2014, 33(2): 303-326
[8] Liu Kun, Tian Miao, Liu Tiegen, et al., A High-Efficiency Multiple
Events Discrimination Method in Optical Fiber Perimeter Security
System, Journal of Lightwave Technology, 2015, 33(23): 4885-4890
[9] Sturesson Marine, Bylund Sonya Hornqvist, Edlund Curt, Falkdal
Annie Hansen, Bernspang Birgita, Quality in sickness certificates in a
Swedish social security system perspective, Scandinavian Journal of
Public Health, 2015, 43(8): 841-847
[10] Deane J. P., Gracceva Francesco, Chiodi Alessandro, Gargiulo
Maurizio Gallachoir Brian P. O., Assessing power system security. A
framework and a multi model approach, International Journal of
Electrical Power & Energy Systems, 2015, 73: 283-297
[11] Jiang Ting, Yang Ming, Zhang Yi, Research and implementation of
M2M smart home and security system, Security and Communication
Networks, 2015, 8(16): 2704-2711

571