Detecting Privilege Escalation Vulnerabilities in Web Applications
Web applications often face disastrous consequences due to authorization errors, leading to data breaches. Understand why these errors occur, such as lack of built-in support for access control, flawed logic, and improper role implementations. Learn from the methodology, results, and conclusions of the MACE study focused on detecting and addressing privilege escalation vulnerabilities.
Presentation Transcript
MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications Maliheh Monshizadeh, University of Chicago Prasad Naldurg, IBM Research India V.N. Venkatakrishnan, University of Chicago Presented by: Michelle Beach
Agenda Introduction Context Contributions of MACE Methodology Results Conclusion
Introduction APOGEE Student Master of Science in Software Engineering Cyber Certificate Program Graduate in December (Yay!) UI/UX Developer Backup and DR
Web Applications are Appealing Targets
Access Control Web applications incorporate access control policies as protection against security threats. Typically RBAC Verify whether an authenticated user with an associated role has the required privilege to access a given resource such as a database table Authorization is expected to be performed before every resource access.
Disastrous Consequences Several high-profile data breaches as a result of authorization errors Citibank 360K credit card numbers Target 40 million stolen credit and debit cards 70 million records of personal Target customer data U.S. Emergency Alert System (EAS) Zombies are taking over
Why do Authorization Errors Occur? No built-in support for access control Policy is often written in by developers Often focus on functionality other than security Often make errors in implementing authorization code
Why do Authorization Errors Occur? Direct connection to database Superusers enjoy all administrative privileges on the database Flaws in logic often lead to catastrophic data breaches
Why do Authorization Errors Occur? Improper implementation of roles Web developers often implement roles as a solution to privilege management No standard framework Lack of knowledge of access control design Buggy and inconsistent role implementation in applications
Academic and Industrial Solutions Virtual Private Databases Provide a way for applications to execute queries on behalf of users Effective privilege separation Web Application Frameworks Rails Provide solutions to structure access control logic effectively
Vulnerability Analysis Open source applications come with virtually no documentation regarding access control policies Must inspect source for missing or inconsistent authorization policies Significant manual effort Time consuming Tedious
MACE Automated solution identifies authorization errors Identifies whether an application enforces its authorization policy consistently Examine whether it enforces the same authorization rules for access to a resource by the same principal
Methodology Authorization Context Associated with every program point in the application Authorization Context Consistency Application uses the same Authorization Context in order to access the same resource along different paths in an application Access Control Violation Mismatch in Authorization Context along two different paths
Mining Access Control Errors (MACE) Set of algorithms to compute authorization contexts and to check for authorization context consistency Variety of analysis techniques including control flow analysis, data flow analysis, and symbolic evaluation
Mining Access Control Errors (MACE) Two kinds of privilege escalation vulnerabilities Vertical Privilege Escalation (VPE): conventional, attacker tries to change privilege level to obtain more access than they are entitled to according to their role Horizontal Privilege Escalation (HPE): attacker tries to access resources of other users
Mining Access Control Errors (MACE) Designed to work directly on the source code Source code is the only documentation of access control policy Policy implementation can be incomplete or incorrect
Secure Implementation An article is added to the articles table in the database. The user name of the currently logged-in user specifies the owner of the article, and the request includes the article text inserted into the database.
Secure Implementation verifyUser() checks to ensure the request is coming from an authenticated user
Secure Implementation User can delete any post they own Admin user, as specified by the role userLevel, can delete all entries in a blog as shown by the second DELETE operation
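The following is an added illustration of the authorization-context consistency check described on the Methodology slides, applied to the blog of the Secure Implementation slides; it is not the MACE tool's own code. The program points, the check names (verifyUser, userLevel==admin) and the owner constraint are constructed annotations standing in for the contexts MACE would derive by control-flow, data-flow and symbolic analysis of the PHP source.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class AuthContext:
    role_checks: frozenset   # principal-level checks, e.g. "userLevel==admin"
    user_bound: frozenset    # row-level bindings, e.g. "articles.owner==session.user"

    def weaker_than(self, other):
        """True if every check here also holds on `other`, and `other` has more."""
        return (self != other
                and self.role_checks <= other.role_checks
                and self.user_bound <= other.user_bound)


@dataclass(frozen=True)
class Access:
    path: str       # program point that reaches the database operation
    resource: str   # table
    op: str         # SQL operation
    ctx: AuthContext


def ctx(roles=(), bound=()):
    return AuthContext(frozenset(roles), frozenset(bound))


def find_violations(accesses):
    """Compare every pair of paths touching the same (resource, op). A path whose
    context is strictly weaker than another's is a candidate violation: a missing
    role check is vertical (VPE), a missing owner binding is horizontal (HPE)."""
    groups = {}
    for a in accesses:
        groups.setdefault((a.resource, a.op), []).append(a)
    findings = {}
    for key, paths in groups.items():
        for weak, strong in permutations(paths, 2):
            if not weak.ctx.weaker_than(strong.ctx):
                continue
            kind = "VPE" if weak.ctx.role_checks < strong.ctx.role_checks else "HPE"
            findings.setdefault((weak.path, key), set()).add(kind)
    return {k: sorted(v) for k, v in findings.items()}


# Constructed paths (hypothetical file names) modelled on the slides' blog:
# owners delete their own posts, an admin deletes any post, plus two sloppy endpoints.
OWNER = "articles.owner==session.user"
BLOG = [
    Access("add_article.php", "articles", "INSERT", ctx(["verifyUser"], [OWNER])),
    Access("delete_own.php", "articles", "DELETE", ctx(["verifyUser"], [OWNER])),
    Access("admin_delete.php", "articles", "DELETE", ctx(["verifyUser", "userLevel==admin"])),
    Access("ajax_delete.php", "articles", "DELETE", ctx(["verifyUser"])),        # no owner binding
    Access("admin_publish.php", "articles", "UPDATE", ctx(["verifyUser", "userLevel==admin"])),
    Access("quick_publish.php", "articles", "UPDATE", ctx(["verifyUser"])),      # no role check
]
```

Note that delete_own.php and admin_delete.php are not reported against each other: neither context is a subset of the other, which is how the check distinguishes two legitimately different policies (owner-bound versus admin-only) from a path that simply omits a check.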
Evaluation Designed to analyze PHP web applications Implemented in Java and is about 10k lines of code Ran tool on a suite of seven small to large PHP free and open-source applications