Analyzing access control configurations

  • US 9,213,843 B2
  • Filed: 04/15/2014
  • Issued: 12/15/2015
  • Est. Priority Date: 10/31/2006
  • Status: Active Grant
First Claim

1. A system for analyzing access control, the system comprising:

  • at least one memory;

  • at least one processor;

  • an operating system having resources and principals;

  • an information flow comprising inferred read, write, and execute relations between one or more of the principals and one or more of the resources;

  • an escalation checker configured to determine, based on applying an access control policy model to the inferred read, write, and execute relations of the generated information flow, that one or more privilege escalations are possible; and

  • a vulnerability report indicating that one or more privilege escalations are possible;

  • wherein the vulnerability report comprises one or more hierarchical structures, and wherein each hierarchical structure comprises:

      • a root element identifying a privilege escalation of the one or more privilege escalations; and

      • a derivation comprising one or more non-root elements that are descendants of the root element and identify a source of each of the privilege escalations.
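
The following sketch is an added illustration of the claimed pipeline (information flow, escalation checker, hierarchical report); it is not code from the patent. The sample ACL facts, the privilege ordering in `LEVEL`, the rule that writing a resource a higher principal executes counts as an escalation, and all function names are assumptions made for the example.

```python
from collections import defaultdict, namedtuple

# Constructed sample facts (principal, resource, right); not taken from the patent.
ACL = [
    ("Users", r"C:\Tools\backup.cmd", "write"),
    ("Operators", r"C:\Tools\backup.cmd", "execute"),
    ("Operators", r"C:\Svc\agent.exe", "write"),
    ("LocalSystem", r"C:\Svc\agent.exe", "execute"),
    ("Users", r"C:\Data\notes.txt", "write"),
    ("Operators", r"C:\Data\notes.txt", "read"),
]
LEVEL = {"Users": 0, "Operators": 1, "LocalSystem": 2}  # assumed privilege ordering

Node = namedtuple("Node", "label children")  # one element of a report tree

def infer_flow(acl):
    """Collect the read, write and execute relations per resource."""
    flow = defaultdict(lambda: defaultdict(set))
    for principal, resource, right in acl:
        flow[resource][right].add(principal)
    return flow

def check_escalations(flow, level):
    """Return {(low, high): tree}; the root names the escalation, descendants its source."""
    found = {}
    # Assumed rule: writing a resource that a higher principal executes escalates.
    for resource, rel in sorted(flow.items()):
        for low in sorted(rel["write"]):
            for high in sorted(rel["execute"]):
                if level[low] < level[high]:
                    leaves = [Node(f"write({low}, {resource})", []),
                              Node(f"execute({high}, {resource})", [])]
                    found.setdefault((low, high), Node(f"escalation: {low} -> {high}", leaves))
    # Chain escalations; levels strictly rise, so len(level) passes are enough.
    for _ in level:
        for (a, b), left in list(found.items()):
            for (c, d), right in list(found.items()):
                if b == c and (a, d) not in found:
                    found[(a, d)] = Node(f"escalation: {a} -> {d}", [left, right])
    return found

def render(node, depth=0):
    lines = ["  " * depth + node.label]
    for child in node.children:
        lines += render(child, depth + 1)
    return lines

if __name__ == "__main__":
    for tree in check_escalations(infer_flow(ACL), LEVEL).values():
        print("\n".join(render(tree)))
```

The write/read pair on `notes.txt` produces no report entry under this rule, while the two write/execute pairs combine into a third, chained escalation whose derivation nests the two direct ones.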
