This post originated from an RSS feed registered with .NET Buzz
by Robert Hurlbut.
Original Post: Least-Privileged Incompatibilities research
Feed Title: Robert Hurlbut's .Net Blog
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx
Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases
Last year, I answered some questions for a Microsoft Research project about running as non-administrator and the obstacles I have found in using various Windows applications. Susan Bradley is pointing to the final paper of this research project entitled "A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities". Skimming through, it looks to be an interesting read.
Bottom line is what Susan mentions as the goal of the document:
âMost Windows users run all the time with Administrator privileges, equivalent to root privileges on a UNIX system. The possession of Administrator privileges by every user significantly increases the vulnerability of Windows systems. For example, simply compromising a user network service, such as an instant messaging client, provides an attacker complete control of the system. We address this problem by making it easier to develop applications that do not require Administrator privileges, thereby decreasing the inconvenience of running without Administrator privileges. To this end, we present a novel tracing technique for identifying the reasons applications require Administrator privileges (which we refer to as least-privilege incompatibilities). Our evaluation on a number of real-world applications shows that our tracing technique significantly helps developers fix least-privilege incompatibilities and can also help system administrators mitigate the impact of least-privilege incompatibilities in the near term through local system policy changes.â
Anything that helps developers meet the goal of developing software with the Limited User in mind is a welcome addition!
Previous Topic
