Dana Epp's ramblings at the Sanctuary: Windows Access Control Demystified


« Preventing Exchange from sending RTF messages (and winmail.dat) to mailing lists \| Main \| Caveat Lector: Authentication, the Forgotten, Should-be Predominant » January 31, 2006 Windows Access Control Demystified I just came across an interesting paper being published out of Princton in which the authors have constructed a logical model of Windows XP access control, in a declarative but executable format. They have even built a simple scanner that reads access-control conguration information from the Windows registry, file system, and service control manager database, and feeds raw configuration data to the model. Through this, they believe they can reason about such things as the existence of privilege-escalation attacks, and they believe that they have even found several user-to-administrator vulnerabilities caused by misconfiguration of the access-control lists of commercial software from several major vendors. It is an interesting approach. I will need to spend a bit more time analyzing what they have done here in an effort to see what it is that they believe they are able to do. It seems that this might be an interesting way to to model and debug the complex interactions of access control on installations under Windows environments. Their words... not mine. Interesting none the less. Happy reading! Posted by SilverStr at January 31, 2006 05:40 PM \| TrackBack Comments Hello Dana, I see you have a blog where you talk about different web technologies, I thought you might be interested in a new search engine called Dumbfind. Dumbfind automatically tags the web and allows you to search on both keywords and tags. Dumbfind will also display related tag clusters in a tag cloud format that you can use to refine a search. It is a new and interesting way to search, please check it out! www.dumbfind.com Dumbfind in the press www.dumbfind.com/corp/press If you have any feedback, you can send it directly to the CEO: info@dumbfind.com thanks! KT PR Intern Dumbfind Inc Posted by: KT at February 1, 2006 03:57 PM I think you mean Princeton, not Princton. :) I always wanted to know how to exploit Power User access so you can elevate yourself to an Administrator. All the old tricks using the AT command don't seem to work in SP2 unless I'm doing something wrong. It would be nice to exploit this to show people why giving Power User access to regular users is a really bad idea. Adam Posted by: Adam at February 1, 2006 06:43 PM Post a comment Name: Email Address: URL: Remember personal info? YesNo Comments:		My 5 Favorite Books Writing Secure Code Secure Programming Cookbook Security Engineering Secure Coding Principles & Practice Inside the Security Mind My 5 Favorite Papers Smashing the Stack Penetration Studies Covert Channel Analysis of Trusted Systems DoD Trusted Computer System Evaluation Criteria NSA Security Recommendation Guides Archives February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004 December 2003 November 2003 October 2003 September 2003 August 2003 July 2003 June 2003 May 2003 April 2003 March 2003 February 2003 January 2003 December 2002 November 2002 October 2002 September 2002 August 2002 July 2002 GeoURL

January 31, 2006

Windows Access Control Demystified