Towards Least Privilege Principle: Limiting Unintended Accesses in Software Systems
[electronic resource].

Description

Tools

Main Author: Ng, Beng Heng.
Related Names: University of Michigan. Library.
Language(s): English
Published: 2013.
Subjects: Least privilege principle.
Permission gap.
Binary code re-use.
Email address security.
Summary: Secondly, access control mechanisms may be ineffective as subject roles change and administrative oversights lead to permission gaps, which should be removed expeditiously. Identifying permission gaps can be hard since another reference point besides granted permissions is often unavailable. DeGap uses access logs to estimate the gaps while using a common logic for various system services. DeGap also recommends configuration changes towards reducing the gaps. Lastly, unintended software code re-use can lead to intellectual property theft and license violations. Determining whether an application uses a library can be difficult. Compiler optimizations, function inlining, and lack of symbols make using syntactic methods a challenge, while pure semantic analysis is slow. Given a library and a set of applications, Expose combines syntactic and semantic analysis to efficiently help identify applications that re-use the library.
Adhering to the least privilege principle involves ensuring that only legitimate subjects have access rights to objects. Sometimes, this is hard because of permission irrevocability, changing security requirements, infeasibility of access control mechanisms, and permission creeps. If subjects turn rogue, the accesses can be abused. This thesis examines three scenarios where accesses are commonly abused and lead to security issues, and proposes three systems, SEAL, DeGap, and Expose to detect and, where practical, eliminate unintended accesses. Firstly, we examine abuse of email addresses, whose leakages are irreversible. Also, users can only hope that businesses requiring their email addresses for validating affiliations do not misuse them. SEAL uses semi-private aliases, which permits gradual and selective controls while providing privacy for affiliation validations.
Locate a Print Version: Find in a library service is not available from this catalog. Search Worldcat

Viewability

Item Link	Original Source
Limited (search only)	University of Michigan

View HathiTrust MARC record

Towards Least Privilege Principle: Limiting Unintended Accesses in Software Systems
[electronic resource].

Description

Tools

Viewability

Similar Items

Robustness and Thermophysical Properties of MOF-5: A Prototypical Hydrogen Storage Material

The Absence of America on the Early Modern Stage

Electron Field Emission from Boron Nitride Thin Films

The Crucified Book, Textual Authority and the Gospel of Truth

A Tale of Two Elements: Effects of Foliar Nitrogen and Phosphorus Stoichiometry on Plant-Insect Interactions

Cyberinfrastructure for Cosmology and Line-of-Sight Projection in Optical Galaxy Clusters

Conditional Empirical Likelihood Approach to Statistical Analysis with Missing Data

Understanding Complex Human Behaviour in Images and Videos

Applications of Marangoni Forces in Actuating Solid Phase Objects

Social Class Identity: The Role of Identity Changeability Perceptions on the Relationship between Beliefs about Intelligence and Sterotype-Relevant Outcomes

Towards Least Privilege Principle: Limiting Unintended Accesses in Software Systems [electronic resource].

Description

Tools

Viewability

Similar Items

Towards Least Privilege Principle: Limiting Unintended Accesses in Software Systems
[electronic resource].