DOI: 10.1145/1809842.1809848
research-article

Towards analyzing complex operating system access control configurations

Published: 11 June 2010

Abstract

An operating system relies heavily on its access control mechanisms to defend against local and remote attacks. The complexity of modern access control mechanisms and the scale of possible configurations are often overwhelming to system administrators and software developers. Misconfigurations are therefore very common, and their security consequences are serious. Given the popularity and uniqueness of Microsoft Windows systems, it is critical to have a tool that comprehensively examines their access control configurations. However, current studies of Windows access control mechanisms are mostly based on known attack patterns. We propose a tool, WACCA, to systematically analyze Windows configurations. Given the attacker's initial abilities and goals, WACCA generates an attack graph based on interaction rules. The tool then automatically generates attack patterns from the attack graph. Each attack pattern represents attacks of the same nature. The attack subgraphs and instances are also generated for each pattern. Compared to existing solutions, WACCA is more comprehensive and does not rely on manually defined attack patterns. It also has a unique feature: it models software vulnerabilities and can therefore find attacks that rely on exploiting these vulnerabilities. We study two attack cases on a Windows Vista host and discuss the analysis results.

    Published In

    SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
    June 2010
    212 pages
    ISBN: 9781450300490
    DOI: 10.1145/1809842
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. access control
    2. attack graph
    3. operating systems

    Qualifiers

    • Research-article

    Conference

    SACMAT'10

    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%

    Cited By

    • (2023) Formal Analysis of Access Control Mechanism of 5G Core Network. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 666-680. DOI: 10.1145/3576915.3623113. Online publication date: 15-Nov-2023
    • (2019) Evaluating and comparing the quality of access control in different operating systems. Computers and Security, 47:C, pages 26-40. DOI: 10.1016/j.cose.2014.05.001. Online publication date: 1-Jan-2019
    • (2015) Operating System Security Policy Hardening via Capability Dependency Graphs. Information Security Practice and Experience, pages 3-17. DOI: 10.1007/978-3-319-17533-1_1. Online publication date: 2015
    • (2014) A Network Security Risk Computation Approach Based on Attack Graphs. Applied Mechanics and Materials, 644-650, pages 3174-3177. DOI: 10.4028/www.scientific.net/AMM.644-650.3174. Online publication date: Sep-2014
    • (2013) Quantitatively Measure Access Control Mechanisms across Different Operating Systems. Proceedings of the 2013 IEEE 7th International Conference on Software Security and Reliability, pages 50-59. DOI: 10.1109/SERE.2013.12. Online publication date: 18-Jun-2013
    • (2013) Measuring and Comparing the Protection Quality in Different Operating Systems. Network and System Security, pages 642-648. DOI: 10.1007/978-3-642-38631-2_51. Online publication date: 2013
    • (2013) Modeling and Checking the Security of DIFC System Configurations. Automated Security Management, pages 21-38. DOI: 10.1007/978-3-319-01433-3_2. Online publication date: 17-Sep-2013
    • (2012) A Cost-Effective Intelligent Configuration Model in Cloud Computing. Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, pages 400-408. DOI: 10.1109/ICDCSW.2012.46. Online publication date: 18-Jun-2012
