Detecting Privilege Escalation Attacks Through Instrumenting Web Application Source Code
| Title | Detecting Privilege Escalation Attacks Through Instrumenting Web Application Source Code |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Zhu, Jun, Chu, Bill, Lipford, Heather |
| Conference Name | Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-3802-8 |
| Keywords | application sensors, Human Behavior, privilege escalation, pubcrawl, Resiliency, Scalability, security., sensor security, unauthorized access |
| Abstract | Privilege Escalation is a common and serious type of security attack. Although experience shows that many applications are vulnerable to such attacks, attackers rarely succeed upon first trial. Their initial probing attempts often fail before a successful breach of access control is achieved. This paper presents an approach to automatically instrument application source code to report events of failed access attempts that may indicate privilege escalation attacks to a run time application protection mechanism. The focus of this paper is primarily on the problem of instrumenting web application source code to detect access control attack events. We evaluated false positives and negatives of our approach using two open source web applications. |
| URL | http://doi.acm.org/10.1145/2914642.2914661 |
| DOI | 10.1145/2914642.2914661 |
| Citation Key | zhu_detecting_2016 |