Information security – Prevention of unauthorized use of data including prevention... – Access control
Reexamination Certificate
2005-08-29
2009-11-17
Moazzami, Nasser G (Department: 2436)
Information security
Prevention of unauthorized use of data including prevention...
Access control
C726S026000, C726S009000, C713S165000, C713S167000
Reexamination Certificate
active
07620995
ABSTRACT:
A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.
REFERENCES:
patent: 6308274 (2001-10-01), Swift
patent: 7299382 (2007-11-01), Jorapur
patent: 7363275 (2008-04-01), Kojima et al.
patent: 2002/0099952 (2002-07-01), Lambert et al.
patent: 2005/0119902 (2005-06-01), Christiansen
patent: 2005/0262487 (2005-11-01), Pistoia et al.
patent: 2006/0288261 (2006-12-01), Yuan et al.
EntireX, “Security Functions”, http://cis.tamu.edu/systems/database/manuals.exx611/dcom/secfun.htm, 2000, 52 pgs.
“How Access Tokens Work”, Microsoft TechNet, retrieved on Jan. 29, 2009 at <<http://technet.microsoft.com/en-us/ library/cc7835537.aspx>>, Mar. 28, 2003, 10 pgs.
“How Security Descriptors and Access Control Lists Work”, Microsoft TechNet, retrieved on Jan. 29, 2009 at <<http://technet.microsoft.com/en-us/library/cc781716.aspx>>, Mar. 28, 2003, 19 pgs.
Park, “Event Tracing for Windows: Best Practices”, retrieved on Jan. 30, 2009 at <<http://www.cmg.org/proceedings/2004/4188.pdf>>, Proceedings of the Computer Measurement Group's 2004 International Conference, 10 pgs.
Liong, “NT Remote and Local Group and User Account SID Collector Tool”, http://www.codeproject.com/KB/applications/collectsid.aspx, Dec. 8, 2001.
Lorch, et al., “The VTrace Tool: Building a System Tracer for Windows NT and Windows 2000”, MSDN Magazine, Oct. 2000, 10 pgs.
Provos, et al., “Preventing Privilege Escalation”, retrieved on Jan. 29, 2009 at <<http://www.citi.umich.edu.u/provos/papers/privsep.pdf>>, 2003, pp. 1-11.
Restrepo, “Adjusting Process Token Privileges”, http://winterdom.com/dev/security/tokens.html, 2002.
Wang, et al., “Strider: A Black-box, State-based Approach to Change and Configuration Management and Support”, Usenix Lisa, 2003, pp. 165-178.
Acharya et al, “MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications”, Proceedings of the 9th Usenix Security Symposium, Aug. 2000, 18 pgs.
“Aol Instant Messenger Client for Windows Contains a Buffer Overflow while Parsing TLV 0x271 1 Packets”, US-Cert, Vulnerability Note, retrieved Aug. 14, 2009 at <<http://www.kb.cert.org/vuls/id/907819, Jan. 15, 2002,2 pgs.
Ashcraft et al, “Using Programmer-Written Compiler Extensions to Catch Security Holes”, Proc 2002 IEEE Symposium on Security and Privacy, 2002, 17 pgs.
Ball, “Abstraction-Guided Test Generation: A Case Study”, Microsoft Research Technical Report, MSR-TR-2003-86, Nov. 25, 2003, 16 pgs.
Brown, “Keith's Security Hall of Shame”, retrieved Aug. 13, 2009 at http://alt.pluralsight.com/wiki/Print.aspx/Keith. Hallofshame, available as early as Jan. 27, 2005, 4 pgs.
Brumley et al, “Privtrans: Automatically Partitioning Programs for Privilege Separation”, 13th Usenix Security Symposium, 2004, 15 pgs.
Carson, “Sendmail without the Superuser”, Proc 4th Usenix Unix Security Symposium, Oct. 1993, retrieved 8/13/09 at <<http://www.usenix.org/publications/library/proceedings/sec4/full—papers/carson>>, 7 pgs.
“Cert Advisory CA-2004-02 Email-borne Viruses”, retrieved Aug. 14, 2009 at <<http://www.cert.org/advisories/ CA-2004-02.html, Jan 27, 2004, 5 pgs.
Chen et al, “Setuid Demystified”, Proc 11th Usenix Security Symposium, 2002, 20 pgs.
Cowan et al, “SubDomain: Parsimonious Server Security”, 2000 Lisa XIV, Proc 14th Usinex Conf on System Administration, retrieved Aug. 13, 2009 at <<http://www.usenix.org/events/lisa00/full—papers/cowan/cowan—html, Dec. 3-8, 2000, pp. 355-368.
Evans, “Very Secure FTP Daemon (VSFTPD)”, retrieved Aug. 14, 2009 at <<http://vsftpd.beasts.org>>, available as early as Mar. 2002, 4 pgs.
Garfinkel et al, “Ostia: A Delegating Architecture for Secure System Call Interposition”, NDSS 2004, Proc. Network and Distributed Systems Security Symp., Feb. 2004, 15 pgs.
Garfinkel et al, “Terra: A Virtual Machine-Based Platform for Trusted Computing”, ACM Sigops Operating Systems Review, Sosp 2003, 14 pgs.
Garfinkel, “Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools”, NDSS 2003, 14 pgs.
Gotlieb et al, “Automatic Test Data Generation Using Constraint Solving Techniques”, In Proceedings of the International Symposium on Software Testing and Analysis, ACM, 1998, 10 pgs.
Gui, “Debugging Permissions Problems”, Mar. 2001, retrieved Aug. 13, 2009 at <<http://web.archive.org/ web/20020925195828/http://msdn.microsoft.com/library/en-us/dnaskdr/html/askgui03272001.asp>>, Mar. 27, 2001, 3 pgs.
Howard et al, “Measuring Relative Attack Surfaces”, Proceedings of Workshop on Advanced Developments in Software and Systems Security, Dec. 2003, Also CMU-CS-03-169 Technical Report, Aug. 2003, 24 pgs.
National Cyber Alert System, “Internet Explorer Update to Disable ADODB.Stream ActiveX Control”, Technical Cyber Security Alert TA04-184A, retrieved Aug. 14, 2009 at <<http://www.us-cert.gov/cas/techalerts/TA04-184A.html>>, Jul. 2, 2004, 3 pgs.
Jackson et al, “Finding Bugs with a Constraint Solver”, In Proceedings of the International Symposium on Software Testing and Analysis, ACM, 2000, 12 pgs.
Loscocco et al, “Meeting Critical Security Objectives with Security-Enhanced Linux”, In the Proceedings of the 2001 Ottawa Linux Symposium, Jul. 2001, 11 pgs.
Microsoft Tech Net “How Access Tokens Work”, Microsoft TechNet, retrieved on Jan. 29, 2009 at <<http://technet. microsoft.com/en-us/library/cc7835537.aspx>>, Mar. 28, 2003, 10 pgs.
Microsoft Tech Net “How Security Descriptors and Access Control Lists Wore”, Microsoft TechNet, retrieved on Jan. 29, 2009 at http://technet.microsoft.com/en-us/library/cc781716.aspx>>, Mar. 28, 2003, 19 pgs.
Microsoft, “Certain Programs Do Not Work Correctly If You Log On Using a Limited User Account”, retrieved Aug. 14, 2009 at <<http://support.microsoft.com/default.aspx?scid=kb;en-us;307091, Mar. 14, 2005, 5 pgs.
Microsoft, “Retrieving the Properties of a Connection (VBScript)”, retrieved Aug. 31, 2009 at <<http://msdn.microsoft.com/ library/aa366335(VS.85.printer).aspx>>, available at least as early as Feb 2005, 2 pgs.
Oetiker, “MSI Packaging How-To”, Real Men Don't Click, retrieved Aug. 14, 2009 at <<http://isg.ee.ethz.ch/tools/realmen/det/ msi.en.html>>, May 2001, 7 pgs.
Proctor' “Hardening Windows NT Against Attack”, WindowSecurity.com, retrieved Aug. 14, 2009 at <<http://www.windowsecurity.com/whitepapers/Hardening—Windows—NT—Against—Attack.html>>, Oct. 16, 2002, 5 pgs.
Provos, “Improving Host Security with System Call Policies”, 12th Usenix Security Symposium, 2003, 15 pgs.
Provost, “Non-Admin Development in VS.Net 2003”, retrieved Aug. 14, 2009 at <<http://www.peterprovost.org/blog/post/Non-Admin-Development-in-Vsnet-2003.aspx>>, Nov. 2004, 2 pgs.
Rhodes, “Chapter 15: Mandatory Access Control”, FreeBSD Handbook, retrieved Aug. 13, 2009 at <<http://www.subneural. net/f
Chen Shuo
Dunagan John D.
Verbowski Chad E
Wang Yi-Min
Lee & Hayes PLLC
Microsoft Corporation
Moazzami Nasser G
Yalew Fikremariam
LandOfFree
Identifying dependencies of an application upon a given... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Identifying dependencies of an application upon a given..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Identifying dependencies of an application upon a given... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4100402