邪恶八进制信息安全团队技术讨论组 » 操作系统应用{ Operating Systems } » 视窗系统[ Windows ] » [转载]Windows Access Control Demystified [查看完整版本]

EvilOctal 2006-2-9 21:05

[转载]Windows Access Control Demystified

信息来源：[url]http://www.cs.princeton.edu/~sudhakar/[/url]

We have constructed a logical model of Windows XP access control, in a declarative but executable (Datalog) format. We have built a scanner that reads access-control conguration information from the Windows registry, le system, and service control manager database, and feeds raw conguration data to the model. Therefore we can reason about such things as the existence of privilege-escalation attacks, and indeed we have found several user-to-administrator vulnerabilities caused by miscongurations of the access-control lists of commercial software from several major vendors. We propose tools such as ours as a vehicle for software developers and system administrators to model and debug the complex interactions of access control on installations underWindows.

查看完整版本: [转载]Windows Access Control Demystified

© 1999-2008 EvilOctal Security Team