SECURITYVULNS:DOC:11255
Feb 01, 2006

Windows Access Control Demystified


Hello everybody,

We have constructed a logical model of Windows XP access control, in a declarative but executable (Datalog)
format. We have built a scanner that reads access-control configuration information from the Windows
registry, file system, and service control manager database, and feeds raw configuration data to the model.
Therefore we can reason about such things as the existence of privilege-escalation attacks, and indeed we
have found several user-to-administrator vulnerabilities caused by misconfigurations of the access-control
lists of commercial software from several major vendors. We propose tools such as ours as a vehicle for
software developers and system administrators to model and debug the complex interactions of access control
on installations under Windows.

The full version of the paper can be found at:

http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

All the vendors and CERT are aware of this paper. The bugs are not
remotely exploitable. The CERT id is VU#953860.

regards,
Sudhakar Govindavajhala and Andrew Appel.

Bio:

Sudhakar Govindavajhala is a finishing PhD student at the Computer Science department, Princeton University.
His interests are computer security, operating systems and networks. Sudhakar is looking for employment
opportunities.

Andrew Appel is a Professor of Computer Science at Princeton University. He is currently on sabbatical at
INRIA Rocquencourt. His interests are computer security, compilers, programming languages, type theory, and
functional programming.
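
The approach the announcement describes (scanner output fed as facts to declarative rules that derive privilege-escalation conclusions), sketched as an added example that is not the authors' model or code. All accounts, resources and ACL entries are constructed, and the rules are hypothetical simplifications, including the assumption that write access to a resource that runs as an account lets the writer act as that account; they are evaluated by a naive fixed point in Python rather than a Datalog engine.

```python
# Added illustration: constructed facts and hypothetical rule names,
# not the model or scanner output from the paper.
HELPER = r"file:C:\ExampleApp\helper.exe"   # constructed path
MEMBER = {("alice", "Users"), ("bob", "Administrators")}
# (principal, permission, resource) entries flattened from ACLs (constructed)
ALLOW = {
    ("Administrators", "write", "svc:ExampleUpdater"),
    ("Users", "write", HELPER),              # the misconfigured entry
    ("Users", "read", r"key:HKLM\Software\ExampleApp"),
}
# resource -> account whose privileges the resource's code runs with
RUNS_AS = {"svc:ExampleUpdater": "LocalSystem", HELPER: "LocalSystem"}
ADMIN_EQUIV = {"LocalSystem", "Administrators"}


def derive_acts_as(member, allow, runs_as):
    """Naive bottom-up fixed point; returns {(user, principal): reason}.
    acts_as(U, U).
    acts_as(U, G) :- acts_as(U, P), member(P, G).
    acts_as(U, A) :- acts_as(U, P), allow(P, write, R), runs_as(R, A).
    """
    facts = {(u, u): "identity" for u, _ in member}
    changed = True
    while changed:
        changed = False
        for (u, p) in list(facts):
            step = [(g, f"{p} is a member of {g}") for m, g in member if m == p]
            step += [(runs_as[r], f"{p} can write {r}, which runs as {runs_as[r]}")
                     for q, perm, r in allow
                     if q == p and perm == "write" and r in runs_as]
            for target, reason in step:
                if (u, target) not in facts:
                    facts[(u, target)] = reason
                    changed = True
    return facts


def escalations(member, allow, runs_as, admin_equiv):
    """Users who reach an admin-equivalent principal only through ACLs."""
    reach = derive_acts_as(member, allow, runs_as)
    baseline = derive_acts_as(member, set(), {})   # membership alone
    return sorted((u, a, why) for (u, a), why in reach.items()
                  if a in admin_equiv
                  and not any((u, x) in baseline for x in admin_equiv))


if __name__ == "__main__":
    for user, account, why in escalations(MEMBER, ALLOW, RUNS_AS, ADMIN_EQUIV):
        print(f"{user} -> {account}: {why}")
```

The reason string attached to each derived fact names the ACL entry responsible, which is the entry an administrator would tighten.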