ANALYZING ACCESS CONTROL CONFIGURATIONS

US 20130067583A1
Filed: 09/11/2012
Published: 03/14/2013
Est. Priority Date: 10/31/2006
Status: Active Grant

First Claim

Patent Images

1-17. -17. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report. In various embodiments, the facility generates an information flow based on access control relations, an access control mechanism model, and an access control policy model; determines, based on the generated information flow, whether privilege escalation is possible; and when privilege escalation is possible, indicates in a vulnerability report that privilege escalation is possible.

13 Citations

View as Search Results

37 Claims

1-17. -17. (canceled)

18. A computer-readable storage medium encoded with computer-executable instructions that, when executed, perform a method of analyzing access control configurations, the method comprising:
- generating an information flow based on access control relations, an access control mechanism model, and an access control policy model;
  
  determining, based on the generated information flow, whether privilege escalation is possible; and
  
  when privilege escalation is possible, indicating in a vulnerability report that the privilege escalation is possible.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The computer-readable storage medium of claim 18 further comprising:
    - determining, based on the generated information flow, whether taint is possible; and
      
      when taint is possible, indicating in the vulnerability report that the taint is possible.
  - 20. The computer-readable storage medium of claim 18 further comprising:
    - determining, based on the generated information flow, whether integrity can be compromised; and
      
      when integrity can be compromised, indicating in the vulnerability report that the integrity can be compromised.
  - 21. The computer-readable storage medium of claim 18 wherein the information flow identifies relationships between principals and resources.
  - 22. The computer-readable storage medium of claim 18 wherein the access control policy model defines system security policies.
  - 23. The computer-readable storage medium of claim 18 wherein the access control mechanism model comprises an operating system-specific component identifying resources and principals, and a component that is general across several operating systems.
  - 24. The computer-readable storage medium of claim 23 wherein:
    - the operating system-specific component receives the access control relations and emits a relationship dataset; and
      
      the component that is general across several operating systems receives the relations dataset and emits the information flow.
  - 25. The computer-readable storage medium of claim 18 wherein the vulnerability report is provided in a hierarchical representation, identifies a security vulnerability in the operating system, or identifies a reason for a vulnerability.
  - 26. The computer-readable storage medium of claim 18 wherein the method further comprises receiving the vulnerability report at a access control graph viewer component and emitting a graphical report that illustrates vulnerabilities identified by the vulnerability report.

27. A method of analyzing access control configurations, the method comprising:
- generating an information flow based on access control relations, an access control mechanism model, and an access control policy model;
  
  determining, based on the generated information flow, whether privilege escalation is possible; and
  
  when privilege escalation is possible, indicating in a vulnerability report that privilege escalation is possible.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The method of claim 27 wherein the information flow identifies relationships between principals and resources.
  - 29. The method of claim 27 wherein the access control policy model defines system security policies.
  - 30. The method of claim 27 wherein the access control mechanism model comprises an operating system-specific component identifying resources and principals, and a component that is general across several operating systems.
  - 31. The method of claim 30 further comprising:
    - receiving, by the operating system-specific component, the access control relations and emitting a relationship dataset; and
      
      receiving, by the component that is general across several operating systems, the relations dataset and emitting the information flow.

32. A system for analyzing access control configurations, the system comprising:
- at least one memory and at least one processor;
  
  an operating system having resources and identifications of principals;
  
  an information flow component configured to generate an information flow based on access control relations, an access control mechanism model, and an access control policy model;
  
  an escalation checking component configured to determine, based on the generated information flow, whether privilege escalation is possible; and
  
  a vulnerability report generator configured to, when privilege escalation is possible, generate a vulnerability report indicating that privilege escalation is possible.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The system of claim 32 wherein the information flow identifies one or more relationships between at least one of the principals and at least one of the resources.
  - 34. The system of claim 32 wherein the access control policy model defines system security policies.
  - 35. The system of claim 32 wherein the access control mechanism model comprises an operating system-specific component identifying resources and principals, and a component that is general across several operating systems.
  - 36. The system of claim 32 wherein:
    - the operating system-specific component receives the access control relations and emits a relationship dataset; and
      
      the component that is general across several operating systems receives the relations dataset and emits the information flow.
  - 37. The system of claim 32 wherein the escalation checking component further determines, based on the generated information flow, that taint is possible or that integrity can be compromised;
    - andthe vulnerability report generator indicates in the vulnerability report that taint is possible or that integrity can be compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Naldurg, Prasad G., Rajamani, Sriram K., Schwoon, Stefan, Lambert, John

Granted Patent

US 8,701,200 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 2221/034 Test or assess a computer o...

ANALYZING ACCESS CONTROL CONFIGURATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

ANALYZING ACCESS CONTROL CONFIGURATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links