[Full-disclosure] Windows Access Control Demystified.
lucianobellou at gmail.com
Wed Feb 1 05:00:20 GMT 2006
Interesting, very interesting. I'll take a look
(new in the list)
2006/1/31, sudhakar+fulldisclosure at cs.princeton.edu <
sudhakar+fulldisclosure at cs.princeton.edu>:
> Hello everybody,
> We have constructed a logical model of Windows XP access control, in a
> declarative but executable (Datalog) format. We have built a scanner
> that reads access-control configuration information from the Windows
> registry, file system, and service control manager database, and feeds
> raw configuration data to the model. Therefore we can reason about
> such things as the existence of privilege-escalation attacks, and
> indeed we have found several user-to-administrator vulnerabilities
> caused by misconfigurations of the access-control lists of commercial
> software from several major vendors. We propose tools such as ours as
> a vehicle for software developers and system administrators to model
> and debug the complex interactions of access control on installations
> under Windows.
> The full version of the paper can be found at:
> All the vendors and CERT are aware of this paper. The bugs are *not*
> remotely exploitable. The CERT id is VU#953860.
> Sudhakar Govindavajhala and Andrew Appel.
> Sudhakar Govindavajhala is a finishing PhD student at Computer Science
> department, Princeton University. His interests are computer security,
> operating systems and networks. Sudhakar is looking for employment
> Andrew Appel is a Professor of Computer Science at Princeton University.
> He is currently on sabbatcal at INRIA Rocquencourt. His interests are
> computer security, compilers, programming languages, type theory, and
> functional programming.
> Sudhakar Govindavajhala Department of Computer Science
> Graduate Student, Princeton University
> Ph : +1 609 258 1763
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.