Re: [WEB SECURITY] ACL for application
- From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] ACL for application
- Date: Tue, 9 Jan 2007 13:47:19 -0500
On 1/9/07, Ankur Jindal <divinepresence@xxxxxxxxx> wrote:
> It wasn't about the code but about the format. Do you need to provide
> a super admin all the rights that the lower level users have to
> prepare for a disaster/mishap? Since there are user roles and
> associated responsibilities, everyone's work set becomes limited and
> hence lesser chance of elevation of privilege.
> I may be wrong though.

No, you're right. Following the principle of least privilege is a
good idea for security. You probably already know this, but you have
set yourself a hard problem. A few things to watch out for:
- When someone plays within the rules of your system, what privileges
can people gain for themselves using the privileges already granted
them? There are some formal models out there for analysis of this.
I've never actually used them, but I believe they can give meaningful
results.
- How can people cheat the rules of your system? As one example of
what I mean by 'cheating', let's say that you allow admins to read
arbitrary files, but you don't allow them to make arbitrary database
queries. If they can read the file where you store the credentials
used to access the database, then they can probably cheat by going
around your access control points. I don't know of any formal models
for detecting this kind of problem. I suspect most security bugs are
due to this type of cheating.
- Access control is one step in enforcing least privilege. The next
step is reviewing logs to try to figure out when someone has found a
way around your access control.
- What are the chances that you are going to end up with a system that
is dangerously restrictive, e.g. someone doesn't have the power they
need to fix an urgent problem? When you start down this path, you are
trying to decrease your risk of a security breach. You are
simultaneously increasing your risk of problems in other areas.
Regards,
Brian
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
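
The first two points in the reply above (privileges gained from privileges already granted, and going around an access control point through a readable credentials file) can be checked mechanically as a reachability closure. The following is an added example, not part of the original message; the roles, privilege names, file path and derivation rules are all constructed assumptions.

```python
# Added example: constructed policy; all role, privilege and path names are hypothetical.
ROLE_GRANTS = {
    "admin": {"read_any_file"},
    "dba": {"db_query"},
    "operator": {"restart_service"},
}

# What the policy is meant to forbid for each role.
INTENDED_DENY = {"admin": {"db_query"}, "operator": {"db_query"}}

# (privileges required, privilege gained, why). Covers both legitimate
# delegation and side channels such as secrets stored in readable files.
DERIVATIONS = [
    ({"read_any_file"}, "read:/etc/app/db.conf", "file access covers the config directory"),
    ({"read:/etc/app/db.conf"}, "know_db_credentials", "config file stores the DB password"),
    ({"know_db_credentials"}, "db_query", "DB accepts those credentials from this host"),
    ({"manage_roles"}, "db_query", "holder can assign the dba role to themselves"),
]


def effective_privileges(granted):
    """Fixed-point closure: map each reachable privilege to the steps that yield it."""
    reached = {p: [] for p in granted}
    changed = True
    while changed:
        changed = False
        for needs, gives, why in DERIVATIONS:
            if gives not in reached and needs.issubset(reached):
                steps = [s for n in sorted(needs) for s in reached[n]]
                reached[gives] = steps + [f"{gives} ({why})"]
                changed = True
    return reached


def find_bypasses():
    """Return {(role, privilege): steps} for denied privileges a role can still reach."""
    findings = {}
    for role, denied in INTENDED_DENY.items():
        reach = effective_privileges(ROLE_GRANTS[role])
        for priv in sorted(denied):
            if priv in reach:
                findings[(role, priv)] = reach[priv]
    return findings


if __name__ == "__main__":
    for (role, priv), steps in find_bypasses().items():
        print(f"{role} is denied {priv} but can reach it via:")
        for step in steps:
            print("   ", step)
```

Each finding names the chain of rules that has to be broken, for example by moving the database credentials out of any path the admin role can read.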