Analyzing access control configurations
Assignments: 1
Petitions: 0
Abstract
A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report. In various embodiments, the facility generates an information flow based on access control relations, an access control mechanism model, and an access control policy model; determines, based on the generated information flow, whether privilege escalation is possible; and when privilege escalation is possible, indicates in a vulnerability report that privilege escalation is possible.
Citations: 63
Claims (20 in total; the three independent claims follow)
1. A computer-readable memory device encoded with computer-executable instructions that, when executed, perform a method of analyzing access control configurations, the method comprising:
    generating an information flow based on access control relations, an access control mechanism model, and an access control policy model, wherein the information flow comprises inferred read, write, and execute relations between one or more principals and one or more resources, the inferred read, write, and execute relations determined by processing the access control relations according to functions of the access control mechanism model;
    determining, based on applying functions of the access control policy model to the inferred read, write, and execute relations of the generated information flow, whether privilege escalation is possible; and
    when privilege escalation is possible, indicating in a vulnerability report that the privilege escalation is possible;
    wherein the vulnerability report comprises one or more hierarchical structures, and wherein each hierarchical structure comprises:
        a root element identifying a potential privilege escalation with a corresponding type, resource, and principal; and
        a derivation comprising one or more non-root elements that are descendants of the root element and identify the source of each of the type, resource, and principal.
    (Dependent claims: 2-9.)
10. A method of analyzing access control configurations, the method comprising:
    generating an information flow based on access control relations, an access control mechanism model, and an access control policy model, wherein the information flow comprises inferred read, write, and execute relations between one or more principals and one or more resources, the inferred read, write, and execute relations determined by processing the access control relations according to functions of the access control mechanism model;
    determining, based on applying functions of the access control policy model to the inferred read, write, and execute relations of the generated information flow, whether privilege escalation is possible; and
    when privilege escalation is possible, indicating in a vulnerability report that privilege escalation is possible;
    wherein the vulnerability report comprises one or more hierarchical structures, and wherein each hierarchical structure comprises:
        a root element identifying a potential privilege escalation with a corresponding type, resource, and principal; and
        a derivation comprising one or more non-root elements that are descendants of the root element and identify the source of each of the type, resource, and principal.
    (Dependent claims: 11-14.)
15. A system for analyzing access control configurations, the system comprising:
    at least one memory and at least one processor;
    an operating system having resources and identifications of principals;
    an information flow component configured to generate an information flow based on access control relations, an access control mechanism model, and an access control policy model, wherein the information flow comprises inferred read, write, and execute relations between one or more principals and one or more resources, the inferred read, write, and execute relations determined by processing the access control relations according to functions of the access control mechanism model;
    an escalation checking component configured to determine, based on applying functions of the access control policy model to the inferred read, write, and execute relations of the generated information flow, whether privilege escalation is possible; and
    a vulnerability report generator configured to, when privilege escalation is possible, generate a vulnerability report indicating that privilege escalation is possible;
    wherein the vulnerability report comprises one or more hierarchical structures, and wherein each hierarchical structure comprises:
        a root element identifying a potential privilege escalation with a corresponding type, resource, and principal; and
        a derivation comprising one or more non-root elements that are descendants of the root element and identify the source of each of the type, resource, and principal.
    (Dependent claims: 16-20.)
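As an added illustration of the facility that the abstract and the three independent claims describe (this is not code from the patent or its assignee), the Python below walks the whole pipeline on constructed data: scanner output (ACL entries plus group membership) goes through three mechanism-model functions (group inheritance, write-then-execute, write-then-read) to produce inferred read, write and execute flows; a policy model (a numeric trust level per principal, where any inferred flow from a less trusted principal to a more trusted one counts as possible escalation) is applied to those flows; and the result is a report whose root elements carry a type, resource and principal, with descendant elements recording the scanner entry or rule each part came from. The principals, paths, rule names, trust levels and the rules themselves are assumptions made for this example, not anything the patent specifies.

```python
"""Toy access-control inference engine (added example, not the patent's code).

Pipeline: scanner relations -> mechanism model -> inferred read/write/execute
flow -> policy model -> hierarchical vulnerability report. Every relation,
rule and trust level below is constructed for illustration.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import Optional

# 1. Access control relations as a scanner would emit them (constructed).
ACL_RELATIONS = [
    ("alice", "/etc/cron.d/backup", "write"),
    ("users", "/etc/cron.d/backup", "write"),     # group ACL entry
    ("root",  "/etc/cron.d/backup", "execute"),   # cron runs the job as root
    ("bob",   "/etc/ssh/sshd_config", "write"),
    ("root",  "/etc/ssh/sshd_config", "read"),    # sshd reads its config as root
    ("bob",   "/home/bob/notes.txt", "write"),
    ("bob",   "/home/bob/notes.txt", "read"),
]
MEMBER_OF = {"carol": {"users"}}                  # group membership (constructed)
# Policy-model input: a trust level per principal (constructed).
TRUST = {"root": 3, "alice": 1, "bob": 1, "carol": 1, "users": 1}


@dataclass
class Fact:
    """An access relation plus the facts it was derived from (its derivation)."""
    principal: str
    resource: str
    right: str                      # read | write | execute | execute_as | taints_read
    target: Optional[str] = None    # inferred flows only: the principal acted upon
    source: str = "acl"             # scanner entry or mechanism-model rule name
    derived_from: list = field(default_factory=list)


def mechanism_model(relations, member_of):
    """Apply the (assumed) mechanism-model functions to build the information flow."""
    facts = {}

    def add(p, r, right, target=None, source="acl", parents=()):
        key = (p, r, right, target)
        if key not in facts:
            facts[key] = Fact(p, r, right, target, source, list(parents))
        return facts[key]

    for p, r, right in relations:
        add(p, r, right)
    # Rule 1: a member of a group holds every right the group holds.
    for p, groups in member_of.items():
        for f in list(facts.values()):
            if f.principal in groups:
                add(p, f.resource, f.right, f.target,
                    f"member_of({p},{f.principal})", [f])
    # Rules 2 and 3: writing what another principal executes or reads lets the
    # writer run code as, or feed input to, that principal.
    flows = {"execute": "execute_as", "read": "taints_read"}
    for w, x in product(list(facts.values()), repeat=2):
        if (w.right == "write" and x.right in flows
                and w.resource == x.resource and w.principal != x.principal):
            add(w.principal, w.resource, flows[x.right], x.principal,
                "write_then_" + x.right, [w, x])
    return facts


def policy_model(facts, trust):
    """Escalation: an inferred flow from a less trusted to a more trusted principal."""
    hits = [f for f in facts.values()
            if f.target is not None and trust[f.principal] < trust[f.target]]
    return sorted(hits, key=lambda f: (f.principal, f.resource, f.right))


def build_report(findings):
    """Hierarchical report: root (type, resource, principal) plus a derivation tree."""
    def node(f):
        return {"principal": f.principal, "resource": f.resource, "right": f.right,
                "source": f.source, "children": [node(p) for p in f.derived_from]}
    return [{"type": f.right, "resource": f.resource, "principal": f.principal,
             "target": f.target, "derivation": [node(p) for p in f.derived_from]}
            for f in findings]


def analyze(relations=ACL_RELATIONS, member_of=MEMBER_OF, trust=TRUST):
    """Run scanner relations through the mechanism and policy models."""
    return build_report(policy_model(mechanism_model(relations, member_of), trust))


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(), indent=2))
```

Running it prints four root elements. The one for `carol` is the instructive case: she holds no direct ACL entry on the cron file, so her `execute_as root` root element has a two-level derivation (her inherited write via `member_of(carol,users)`, itself derived from the group's ACL entry, and root's execute entry), which is exactly what a reviewer needs to locate the entry to fix. Raising `bob`'s trust level to match root's makes his `taints_read` finding disappear, showing that the policy model, not the mechanism model, decides what counts as escalation.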