A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities

Most Windows users run all the time with Admin privileges. This significantly increases the vulnerability of Windows systems because the compromise of any user-level application becomes a system compromise. To address this problem, we present a novel tracing technique to identify the causes of least-privilege incompatibilities (i.e., application dependencies on Admin privileges). Our evaluation on a number of real-world applications shows that our tracing technique significantly helps developers fix leastprivilege incompatibilities, and can also help system administrators mitigate the impact of least-privilege incompatibilities through local system policy changes.

chen-ndss05.pdf
PDF file

In  Proceedings of Network and Distributed System Security Symposium (NDSS)

Publisher  Internet Society
Copyright © by the Internet Society. Copyright and Reprint Permissions: The Internet Society owns the copyrights for these publications. You may freely reproduce all or part of any paper for noncommercial purposes if you credit the author(s), provide notice to the Internet Society, and cite the Internet Society as the copyright owner.

Details

TypeProceedings
> Publications > A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities