Windows Access Control Demystified (Sudhakar Govindavajhala and Andrew W. Appel)

Summary: Windows Access Control Demystified
Sudhakar Govindavajhala and Andrew W. Appel
Princeton University
January 31, 2006
In the Secure Internet Programming laboratory at Princeton University, we have been investigating
network security management by using logic programming. We developed a rule-based framework --
Multihost, Multistage, Vulnerability Analysis (MulVAL) -- to perform end-to-end, automatic analysis
of multi-host, multi-stage attacks on a large network where hosts run different operating systems. The
tool finds attack paths where the adversary will have to use one or more weaknesses (buffer
overflows) in multiple software packages to attack the network. The MulVAL framework has been demonstrated
to be modular, flexible, scalable and efficient [20]. We applied these techniques to perform security
analysis of a single host with commonly used software.
We have constructed a logical model of Windows XP access control, in a declarative but executable
(Datalog) format. We have built a scanner that reads access-control configuration information from the
Windows registry, file system, and service control manager database, and feeds raw configuration data
to the model. Therefore we can reason about such things as the existence of privilege-escalation attacks,
and indeed we have found several user-to-administrator vulnerabilities caused by misconfigurations of
the access-control lists of commercial software from several major vendors. We propose tools such as


Source: Appel, Andrew W. - Department of Computer Science, Princeton University


Collections: Computer Technologies and Information Sciences