Towards Analyzing Complex Operating System Access Control Configurations

摘要

An operating system relies heavily on its access control mechanisms to defend against local and remote attacks. The complexities of modern access control mechanisms and the scale of possible configurations are often overwhelming to system administrators and software developers. Therefore mis-configurations are very common and the security consequences are serious. Given the popularity and uniqueness of Microsoft Windows systems, it is critical to have a tool to comprehensively examine the access control configurations. However, current studies on Windows access control mechanisms are mostly based on known attack patterns. We propose a tool, WACCA, to systematically analyze the Windows configurations. Given the attacker's initial abilities and goals, WACCA generates an attack graph based on interaction rules. The tool then automatically generates attack patterns from the attack graph. Each attack pattern represents attacks of the same nature. The attack subgraphs and instances are also generated for each pattern. Compared to existing solutions, WACCA is more comprehensive and does not rely on manually defined attack patterns. It also has a unique feature in that it models software vulnerabilities and therefore can find attacks that rely on exploiting these vulnerabilities. We study two attack cases on a Windows Vista host and discuss the analysis results.