A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities

Shuo Chen, John Dunagan, Chad Verbowski, and Yi-Min Wang

Abstract

Most Windows users run all the time with Admin privileges. This significantly increases the vulnerability of Windows systems because the compromise of any user-level application becomes a system compromise. To address this problem, we present a novel tracing technique to identify the causes of least-privilege incompatibilities (i.e., application dependencies on Admin privileges). Our evaluation on a number of real-world applications shows that our tracing technique significantly helps developers fix leastprivilege incompatibilities, and can also help system administrators mitigate the impact of least-privilege incompatibilities through local system policy changes.

Details

Publication typeProceedings
Published inProceedings of Network and Distributed System Security Symposium (NDSS)
PublisherInternet Society
> Publications > A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities