Securing users’ endpoint devices is a highly important part of organizations’ overall security posture. The vast majority of cyber attacks either begin with endpoint compromise or use it as an effective method for lateral movement and privilege escalation. In this article we propose a new methodology for quantitatively assessing the overall security provided by operating systems, based on implemented mitigations of MITRE ATT&CK techniques. The proposed approach enables reproducible scenario-based comparisons of operating system security and can support security-oriented decision-making in organizational endpoint protection strategies. Moreover, it allows for quantitative assessment of operating systems under specific cyber attack scenarios, expressed as collections of adversaries’ utilized ATT&CK techniques, facilitating comparison across multiple operating systems under identical scenarios. We apply this methodology to Qubes OS and Windows 11, showcasing measurable differences in how both operating systems mitigate cyber threats.
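To make the scenario-based comparison concrete, the following is an added example (not code from the paper or its authors) of how an ATT&CK mitigation-coverage score can be computed for several operating systems under one scenario. The scoring rule (a technique is covered in proportion to how many of its applicable mitigations the OS implements, and a scenario scores as the mean over its techniques) is an assumption chosen for illustration, not the paper's formula. The technique and mitigation IDs are real ATT&CK identifiers, but which mitigations are treated as applicable, and which mitigations each system implements, are constructed sample data; the systems are labelled `os_a` and `os_b` rather than any real product.

```python
"""
Scenario-based scoring of operating systems by ATT&CK mitigation coverage.

ASSUMPTIONS (illustrative, not the paper's method):
  - per-technique coverage = implemented / applicable mitigations
  - scenario score = mean of per-technique coverage over the scenario
The applicable-mitigation map and the per-OS implementation data below are
constructed for this example and are not an official ATT&CK mapping nor an
assessment of any real operating system.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Technique ID -> mitigation IDs treated as applicable (constructed mapping).
APPLICABLE_MITIGATIONS: Dict[str, FrozenSet[str]] = {
    "T1566": frozenset({"M1049", "M1017"}),  # Phishing
    "T1059": frozenset({"M1038", "M1049"}),  # Command and Scripting Interpreter
    "T1068": frozenset({"M1050", "M1051"}),  # Exploitation for Privilege Escalation
    "T1021": frozenset({"M1030", "M1032"}),  # Remote Services
}

# Constructed sample data: which mitigations each hypothetical OS implements.
SYSTEMS: Dict[str, FrozenSet[str]] = {
    "os_a": frozenset({"M1049", "M1038", "M1050", "M1017"}),
    "os_b": frozenset({"M1030", "M1032", "M1051"}),
}


@dataclass
class ScenarioResult:
    """Score for one OS under one scenario, plus the techniques left uncovered."""
    score: float
    per_technique: Dict[str, float] = field(default_factory=dict)
    uncovered: List[str] = field(default_factory=list)


def technique_coverage(implemented: FrozenSet[str], technique: str) -> float:
    """Fraction of the technique's applicable mitigations the OS implements."""
    if technique not in APPLICABLE_MITIGATIONS:
        raise KeyError(f"technique {technique} has no mitigation mapping")
    applicable = APPLICABLE_MITIGATIONS[technique]
    # A technique with no known mitigations counts as uncovered rather than
    # dividing by zero.
    if not applicable:
        return 0.0
    return len(applicable & implemented) / len(applicable)


def score_scenario(implemented: FrozenSet[str], scenario: List[str]) -> ScenarioResult:
    """Score an OS against a scenario given as a list of ATT&CK technique IDs."""
    if not scenario:
        raise ValueError("scenario must contain at least one technique")
    per_technique = {t: technique_coverage(implemented, t) for t in scenario}
    uncovered = [t for t, c in per_technique.items() if c == 0.0]
    score = sum(per_technique.values()) / len(per_technique)
    return ScenarioResult(score=score, per_technique=per_technique, uncovered=uncovered)


def compare_systems(scenario: List[str]) -> Dict[str, ScenarioResult]:
    """Score every system under the same scenario so results are comparable."""
    return {name: score_scenario(impl, scenario) for name, impl in SYSTEMS.items()}


if __name__ == "__main__":
    # Constructed scenario: phishing, scripted execution, privilege escalation,
    # then lateral movement via remote services.
    scenario = ["T1566", "T1059", "T1068", "T1021"]
    for name, result in compare_systems(scenario).items():
        print(f"{name}: score={result.score:.3f} uncovered={result.uncovered}")
```

Because every system is scored against the identical technique list, the output is a reproducible, like-for-like comparison; the `uncovered` list is the part a defender acts on, since it names the scenario steps the assessed OS does nothing to mitigate under the assumed mapping.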
Kapera et al. studied this question.