ANALYZING ACCESS CONTROL CONFIGURATIONS

US 20080104665A1
Filed: 10/31/2006
Published: 05/01/2008
Est. Priority Date: 10/31/2006
Status: Active Grant

First Claim

Patent Images

1. A system for analyzing access control configurations, comprising:

an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata;

an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and

an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report. In various embodiments, the facility generates an information flow based on access control relations, an access control mechanism model, and an access control policy model; determines, based on the generated information flow, whether privilege escalation is possible; and when privilege escalation is possible, indicates in a vulnerability report that the privilege escalation is possible.

99 Citations

View as Search Results

20 Claims

1. A system for analyzing access control configurations, comprising:
- an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata;
  
  an access control scanner component that receives the access control metadata, determines relationships between the principals and the resources, and emits access control relations information; and
  
  an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1 wherein the access control relations are identified using a language with semantics that are similar to a Datalog language.
  - 3. The system of claim 1 wherein the access control policy model is identified using a language with semantics that are similar to a Datalog language.
  - 4. The system of claim 1 wherein the vulnerability report is provided in a hierarchical representation.
  - 5. The system of claim 1 wherein the access control inference engine further receives an access control mechanism model.
  - 6. The system of claim 5 wherein the access control mechanism model is identified using a language with semantics that are similar to a Datalog language.
  - 7. The system of claim 1 wherein the vulnerability report identifies a security vulnerability in the operating system.
  - 8. The system of claim 1 wherein the security vulnerability report identifies a reason for the vulnerability.
  - 9. The system of claim 8 wherein the vulnerability relates to a resource and the reason includes an identification of another resource.
  - 10. The system of claim 1 further comprising an access control graph viewer component that receives the vulnerability report and emits a graphical report that illustrates vulnerabilities identified by the vulnerability report.
  - 11. The system of claim 1 wherein the access control scanner component can be substituted with a different access control scanner component for use with a different operating system.
  - 12. The system of claim 11 wherein the access control mechanism model is also substituted with a different access control mechanism model corresponding to the different operating system.

13. A method performed by a computing system for analyzing access control configurations, comprising:
- receiving access control metadata;
  
  determining access control relations based on the received access control metadata;
  
  receiving an access control policy model; and
  
  analyzing the access control relations and the access control policy model to generate a vulnerability report.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13 further comprising generating a graphical view of the generated vulnerability report.
  - 15. The method of claim 13 further comprising retrieving an access control mechanism model.
  - 16. The method of claim 15 wherein the retrieving includes determining a type of operating system and selecting the access control mechanism model based on the type of operating system.
  - 17. The method of claim 15 further comprising generating an information flow wherein the information flow indicates a principal'"'"'s permissions relating to a resource derived through the principal'"'"'s permissions relating to another resource.

18. A computer-readable medium encoded with computer-executable instructions that, when executed, perform a method of analyzing access control configurations, the method comprising:
- generating an information flow based on access control relations, an access control mechanism model, and an access control policy model;
  
  determining, based on the generated information flow, whether privilege escalation is possible; and
  
  when privilege escalation is possible, indicating in a vulnerability report that the privilege escalation is possible.
- View Dependent Claims (19, 20)
- - 19. The computer-readable medium of claim 18 further comprising:
    - determining, based on the generated information flow, whether taint is possible; and
      
      when taint is possible, indicating in the vulnerability report that the taint is possible.
  - 20. The computer-readable medium of claim 18 further comprising:
    - determining, based on the generated information flow, whether integrity can be compromised; and
      
      when integrity can be compromised, indicating in the vulnerability report that the integrity can be compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schwoon, Stefan, Rajamani, Sriram K., Naldurg, Prasad G., Lambert, John

Granted Patent

US 8,266,702 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 2221/034 Test or assess a computer o...

ANALYZING ACCESS CONTROL CONFIGURATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ANALYZING ACCESS CONTROL CONFIGURATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links