
Execution with Unnecessary Privileges

Presentation on theme: "Execution with Unnecessary Privileges"— Presentation transcript:

1 Execution with Unnecessary Privileges
Aaron Pecora CSCE 548 Student Presentation

3 Our Agenda
Technical overview of the problem
Examples
Detection methods and avoidance of the error
Conclusion
References

4 The Technical
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
In other words, this weakness opens up other weaknesses. It is more of a design flaw than a code bug, and it can lead to other vulnerabilities being taken advantage of.

5 So… What does that mean?
A user runs a program, but it uses higher level access than required, such as administrator or root.
This allows access to higher level resources.
Now they can use that level to conduct malicious activities.

Scope: Confidentiality, Integrity, Availability, Access Control
Technical Impact: Gain privileges / assume identity; Execute unauthorized code or commands; Read application data; DoS: crash / exit / restart
An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data.

6 One more time…
“Don’t give someone your house keys, just because they need to cut your grass.”

7 How and why does it happen?
Usually a flaw:
In architecture
In design
Operation requires a privilege elevation
Program does not lower privilege
Intentional or unintentional workaround of the programmer’s lowering of privilege
Languages: Language-independent
Architectural Paradigms: Mobile Application

HOW: Both are unintentional: in architecture (between the OS and the software) and in design (programming flow logic).
WHY: The operation requires a (temporary) privilege elevation, and the program does not lower privilege after the operation requiring elevation. Unforeseen input or conditions can also produce a case where the lowering operation is never called. This could be combined with other malicious attacks to have this effect (maintaining elevated privilege).

8 The Fallout
An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data.
Technical Impact: Gain privileges / assume identity; Execute unauthorized code or commands; Read application data; DoS: crash / exit / restart

9 Example in Python
Example Language: Python

    import os

    def makeNewUserDir(username):
        if invalidUsername(username):
            print('Usernames cannot contain invalid characters')
            return False
        try:
            raisePrivileges()
            os.mkdir('/home/' + username)
            lowerPrivileges()   # never reached if os.mkdir() raises
        except OSError:
            print('Unable to create new user directory for user:' + username)
        return True

While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur.
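The following is an added example, not code from the slides or from CWE-250: it places the slide's structure beside a hardened version that moves the privilege drop into a finally clause, and runs both against a directory that already exists so that os.mkdir() raises. Real privilege changes need root (os.seteuid()), so the privilege level is simulated with a module-level variable; raise_privileges(), lower_privileges() and the username policy in invalid_username() are stand-ins for the slide's undefined helpers, and the home directory used is a temporary one constructed for the run.

```python
import os
import re
import tempfile

# Simulated effective privilege level ("user" or "root"). In a real program this
# would be the process's effective UID, changed via os.seteuid(); it is simulated
# here so the example runs without root. (Constructed for this example.)
_privilege = {"level": "user"}


def raise_privileges():
    """Stand-in for the slide's raisePrivileges(): become 'root'."""
    _privilege["level"] = "root"


def lower_privileges():
    """Stand-in for the slide's lowerPrivileges(): back to 'user'."""
    _privilege["level"] = "user"


def current_privilege():
    return _privilege["level"]


# Assumed username policy; the slide's invalidUsername() is not defined on the page.
_VALID_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def invalid_username(username):
    return _VALID_USERNAME.match(username) is None


def make_user_dir_vulnerable(home_root, username):
    """The slide's structure: lower_privileges() is only reached if os.mkdir() succeeds."""
    if invalid_username(username):
        return False
    try:
        raise_privileges()
        os.mkdir(os.path.join(home_root, username))
        lower_privileges()          # skipped when os.mkdir() raises
    except OSError:
        print("Unable to create new user directory for user: " + username)
    return True


def make_user_dir_fixed(home_root, username):
    """Hardened form: the privilege drop sits in 'finally', so it runs on every path."""
    if invalid_username(username):
        return False
    raise_privileges()              # outside the try: if raising fails there is nothing to lower
    try:
        os.mkdir(os.path.join(home_root, username))
    except OSError:
        print("Unable to create new user directory for user: " + username)
        return False                # report the failure instead of claiming success
    finally:
        lower_privileges()          # success, OSError or any other exception: always lowered
    return True


def demo():
    """Run both versions where os.mkdir() raises FileExistsError (an OSError) and
    return the privilege level each one leaves behind."""
    outcome = {}
    with tempfile.TemporaryDirectory() as home_root:
        os.mkdir(os.path.join(home_root, "alice"))   # pre-create so mkdir in the functions fails

        lower_privileges()
        make_user_dir_vulnerable(home_root, "alice")
        outcome["vulnerable_after_error"] = current_privilege()

        lower_privileges()
        make_user_dir_fixed(home_root, "alice")
        outcome["fixed_after_error"] = current_privilege()

        created = make_user_dir_fixed(home_root, "bob")
        outcome["fixed_success"] = (created, current_privilege())
    return outcome


if __name__ == "__main__":
    print(demo())
```

The vulnerable version exits the error path still marked "root" and additionally returns True, so the caller never learns that the directory was not created; the hardened version returns "user" on both the failing and the succeeding call.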

10 Example, Career experience
A software application became system independent and was ported to user machines.
One machine now allowed multiple accounts.
The software application creates one local repository to quickly access information.

11 Example, Career experience
The original user is the only one with write access, disallowing other users from writing to the local repository.
The software developer elevated rights with the software application.
Security software detected prolonged elevated rights on the machines.

12 Not everyone can be an administrator… (How can we avoid this?)
Architecture and Design:
Run code at the lowest level
Identify functionality that requires elevated privileges
Implementation:
Determine the minimum access levels necessary
Explicitly allow only required actions, while denying everything else.
Operations:
Create isolated accounts with limited privileges

During design, specifically identifying which operations require elevated privileges lets programmers be cognizant of those functions, remove such privileges as soon as possible, and ensure the removal is always properly followed. Create accounts with limited privileges: if an attacker is successful on such an account, the damage is limited.

13 But I already deployed my software! (How can we detect this?)
Manual Analysis: Penetration testing, Threat modeling
Black Box: Use tools that examine how the software, network and OS interact (system-call tracing utilities, sniffers and protocol analyzers). Look for changes in privileges when accessing the application.
Automated Static Analysis
Field Feedback
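The black-box bullet above suggests system-call tracing and looking for privilege changes. As an added example (not from the slides), the block below applies that idea to an strace-style trace: it tracks each process's effective UID through setuid-family calls and reports which system calls were made while elevated and whether the process lowered its privileges again before exiting, which is exactly the symptom of the slide 9 bug. The trace lines, PIDs and paths are constructed for this example and only mimic the strace -f output format.

```python
import re

# Constructed strace-style trace (pid, syscall, result), mimicking 'strace -f'
# output. Not taken from the slides; PIDs and paths are made up.
SAMPLE_TRACE = """\
4101 seteuid(0)                          = 0
4101 mkdir("/home/alice", 0755)          = 0
4101 seteuid(1000)                       = 0
4101 +++ exited with 0 +++
4102 seteuid(0)                          = 0
4102 mkdir("/home/bob", 0755)            = -1 EEXIST (File exists)
4102 write(1, "Unable to create new user directory for user:bob", 49) = 49
4102 +++ exited with 0 +++
4103 setresuid(-1, 0, -1)                = 0
4103 open("/var/lib/app/repo.db", O_RDONLY) = 3
4103 setresuid(-1, 1000, -1)             = 0
4103 +++ exited with 0 +++
"""

UID_CALLS = ("setuid", "seteuid", "setreuid", "setresuid")
SYSCALL_RE = re.compile(r"^(\d+)\s+(\w+)\((.*?)\)\s+=\s+(-?\d+)")
EXIT_RE = re.compile(r"^(\d+)\s+\+\+\+ exited")


def new_euid(call, args):
    """Effective UID after a successful uid-changing call, or None if the euid is unchanged.
    setuid/seteuid take the uid as the first argument; setreuid/setresuid take the
    effective uid as the second, with -1 meaning 'leave unchanged'."""
    parts = [int(a.strip()) for a in args.split(",")]
    euid = parts[0] if call in ("setuid", "seteuid") else parts[1]
    return None if euid == -1 else euid


def analyze_trace(trace, root_uid=0):
    """Per pid: the syscalls made while the effective UID was root_uid, and whether
    the process had lowered its privileges again by the time it exited."""
    euid = {}     # pid -> last known effective uid
    report = {}
    for line in trace.splitlines():
        m = EXIT_RE.match(line)
        if m:
            pid = int(m.group(1))
            entry = report.setdefault(pid, {"elevated_calls": [], "lowered_before_exit": True})
            entry["lowered_before_exit"] = euid.get(pid) != root_uid
            continue
        m = SYSCALL_RE.match(line)
        if not m:
            continue
        pid, call, args, ret = int(m.group(1)), m.group(2), m.group(3), int(m.group(4))
        entry = report.setdefault(pid, {"elevated_calls": [], "lowered_before_exit": True})
        if call in UID_CALLS:
            if ret == 0:                      # a failed uid change leaves the euid as it was
                changed = new_euid(call, args)
                if changed is not None:
                    euid[pid] = changed
        elif euid.get(pid) == root_uid:
            entry["elevated_calls"].append(call)   # work done in the privileged window
    return report


def lingering_privilege(trace, root_uid=0):
    """PIDs that were still running as root_uid when they exited."""
    return sorted(pid for pid, e in analyze_trace(trace, root_uid).items()
                  if not e["lowered_before_exit"])


if __name__ == "__main__":
    for pid, entry in sorted(analyze_trace(SAMPLE_TRACE).items()):
        print(pid, entry)
    print("never lowered:", lingering_privilege(SAMPLE_TRACE))
```

In the sample, pid 4102 is the slide 9 failure path: mkdir fails, the error message is written while still running as root, and the process exits without ever calling seteuid(1000). Pids 4101 and 4103 show the expected shape, a single privileged operation followed immediately by the drop.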

14 Summary
Ensure the code design does not incorrectly permit unnecessary privileges, or allow elevated privileges to remain beyond what is required.
“Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.” — Jerome Saltzer, Communications of the ACM

15 References
CWE-250: Execution with Unnecessary Privileges
Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". Sin 16: "Executing Code With Too Much Privilege", page 243. McGraw-Hill.

16 Questions?
