[cap-talk] "Windows Access Control Demystified"

Fred Spiessens f.spiessens at 4c.ucc.ie
Wed Feb 1 04:10:37 EST 2006


Toby,

thanks, this work looks interesting indeed and seems to be related to  
mine. I'll read it asap.

BTW, we aim for a first release of the online version of the SCOLLAR  
tool in the coming weeks.
The tool will be available at http://www.info.ucl.ac.be/people/fsp/scollar.html

A simplistic (and buggy and non-robust) alpha version can be found  
there now, but I would not advise using it for anything but really  
simple patterns as it is very sensitive to errors in the  
specification of a pattern and provides no feedback. The official  
release will come with more functionality, decent documentation and a  
better user interface.

Fred.

On 01 Feb 2006, at 01:56, Toby Murray wrote:

> A paper that came across bugtraq today that some here may find  
> interesting
> http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
>
> (the original message is at http://www.seclists.org/lists/bugtraq/2006/Jan/0518.html)
>
> I haven't read the paper yet but it appears to be on automatic
> reasoning about Windows access control policy configurations, to
> detect vulnerabilities. It might be a good comparison to Fred
> Spiessens' work on analysing capability patterns. It has particular
> relevance because it's been applied to a real-world system that's
> in alarmingly high use and has detected some actual
> vulnerabilities, apparently.
>
>
> from the abstract
>
> "... We have constructed a logical model of Windows XP access
> control, in a declarative but executable (Datalog) format. We have
> built a scanner that reads access-control configuration information
> from the Windows registry, file system, and service control manager
> database, and feeds raw configuration data to the model. Therefore
> we can reason about such things as the existence of
> privilege-escalation attacks, and indeed we have found several
> user-to-administrator vulnerabilities caused by misconfigurations of
> the access-control lists of commercial software from several major
> vendors. We propose tools such as ours as a vehicle for software
> developers and system administrators to model and debug the complex
> interactions of access control on installations under Windows."
>
> -- 
> Toby Murray
> Advanced Computer Capabilities Group
> Information Networks Division
> DSTO, Australia
