Sciweavers

ACSAC
2004
IEEE

Tracing the Root of "Rootable" Processes

14 years 4 months ago
Tracing the Root of "Rootable" Processes
In most existing systems, the authorization check for system resource access is based on the user ID of the running processes. Such systems are vulnerable to password stealing/cracking attacks. Considering that remote attackers usually do not have physical access to local machines, we propose a security architecture called NPTrace (Network-Wide Process Tracing), which requires a user to know the root password and to prove that he is within some physical proximity in order to exercise the root privilege. More specifically, NPTrace attaches a PrivilegeLevel attribute to every process, and propagates this attribute across machines on demand. The Privilege-Level attribute of a process is set to Rootable if the system can trace back its origin to a process started by a user that has physically logged on from a specific set of hosts on the network. Only a root process with this Privilege-Level attribute set to Rootable, is allowed to perform privileged operations. The NPTrace architecture e...
Amit Purohit, Vishnu Navda, Tzi-cker Chiueh
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where ACSAC
Authors Amit Purohit, Vishnu Navda, Tzi-cker Chiueh
Comments (0)