Sciweavers

USS
2010

Baaz: A System for Detecting Access Control Misconfigurations

Maintaining correct access control to shared resources such as file servers, wikis, and databases is an important part of enterprise network management. A combination of many factors, including high rates of churn in organizational roles, policy changes, and dynamic information-sharing scenarios, can trigger frequent updates to user permissions, leading to potential inconsistencies. With Baaz, we present a distributed system that monitors updates to access control metadata, analyzes this information to alert administrators about potential security and accessibility issues, and recommends suitable changes. Baaz detects misconfigurations that manifest as small inconsistencies in user permissions that are different from what their peers are entitled to, and prevents integrity and confidentiality vulnerabilities that could lead to insider attacks. In a deployment of our system on an organizational file server that stored confidential data, we found 10 high level security issues that impact...
Tathagata Das, Ranjita Bhagwan, Prasad Naldurg
Added 15 Feb 2011
Updated 15 Feb 2011
Type Journal
Year 2010
Where USS
Authors Tathagata Das, Ranjita Bhagwan, Prasad Naldurg