> -----Original Message-----
> From: sudhakar+bugtraq@xxxxxxxxxxxxxxxx
> [mailto:sudhakar+bugtraq@xxxxxxxxxxxxxxxx]
> Sent: Wednesday, February 01, 2006 2:08 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Windows Access Control Demystified
>
>
> Hello everybody,
>
> We have constructed a logical model of Windows XP access
> control, in a declarative but executable (Datalog) format.
> We have built a scanner that reads access-control
> configuration information from the Windows registry, file
> system, and service control manager database, and feeds raw
> configuration data to the model. Therefore we can reason
> about such things as the existence of privilege-escalation
> attacks, and indeed we have found several
> user-to-administrator vulnerabilities caused by
> misconfigurations of the access-control lists of commercial
> software from several major vendors. We propose tools such
> as ours as a vehicle for software developers and system
> administrators to model and debug the complex interactions of
> access control on installations under Windows.
>
>
> The full version of the paper can be found at:
>
>
>
>
> All the vendors and CERT are aware of this paper. The bugs are *not*
> remotely exploitable. The CERT id is VU#953860.
>
>
> regards,
> Sudhakar Govindavajhala and Andrew Appel.
>
> Bio:
>
> Sudhakar Govindavajhala is a finishing PhD student at
> Computer Science department, Princeton university. His
> interests are computer security, operating systems and
> networks. Sudhakar is looking for employment opportunities.
>
>
> Andrew Appel is a Professor of Computer Science at Princeton
> University. He is currently on sabbatcal at INRIA
> Rocquencourt. His interests are computer security, compilers,
> programming languages, type theory, and functional programming.
>
>
