Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Windows Access Control Demystified

from [sudhakar+bugtraq] Network Security [Permanent Link]
Subject: Windows Access Control Demystified
Date: 31 Jan 2006 23:08:18 -0000 

Hello everybody,

We have constructed a logical model of Windows XP access control, in a 
declarative but executable (Datalog) format.  We have built a scanner that 
reads access-control configuration information from the Windows registry, file 
system, and service control manager database, and feeds raw configuration data 
to the model.  Therefore we can reason about such things as the existence of 
privilege-escalation attacks, and indeed we have found several 
user-to-administrator  vulnerabilities caused by misconfigurations of the 
access-control lists of commercial software from several major vendors.  We 
propose tools such as  ours as a vehicle for software developers and system 
administrators to model and debug the complex interactions of access control on 
 installations under Windows.


The full version of the paper can be found at:

http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf


All the vendors and CERT are aware of this paper. The bugs are *not* 
remotely exploitable. The CERT id is VU#953860.


regards,
Sudhakar Govindavajhala and Andrew Appel.

Bio:

Sudhakar Govindavajhala is a finishing PhD student at Computer Science 
department, Princeton  university. His interests are computer security, 
operating systems and networks. Sudhakar is looking for employment  
opportunities.


Andrew Appel is a Professor of Computer Science at Princeton University.  He is 
currently on sabbatcal at INRIA Rocquencourt. His interests are computer 
security, compilers, programming  languages, type theory, and  functional 
programming.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Windows Access Control Demystified, sudhakar+bugtraq <=
Previous by Date:  [Full-disclosure] CME-24/BlackWorm email notifications + top-7 unreachable AS's, Gadi Evron
Previous by Thread:  [Full-disclosure] CME-24/BlackWorm email notifications + top-7 unreachable AS's, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]