Week 10 - STRIDE: Elevation of Privilege


Elevation of Privilege, in a nutshell, is the act of gaining access to information, data, or code that otherwise not allowed under the current user’s privilege.  Every user account has a set of access right assigned to fit the account holder’s function.  Traditionally, user privileges are divided into groups like administrative, operation, and view only.  Each user is assigned to one or more groups and has the privileges assigned to the groups.  In a more sophisticated system, users in the same groups can have different access rights.  There are two types of privilege elevations, vertical privilege elevation, and horizontal privilege elevation.  




Vertical privilege elevation is when a user gains the privileges of another user whose access right is higher than himself or herself.  An example of this is the sudo command in Debian Linux systems.  Normal user can perform superuser operation when added to the sudo list.  In older Windows system, the authentication and authorization mechanism use the secured ID (SID) to identify the privileges of the user.  When logging in with a SID of a higher privileged account, the user can do any operation allowed for that SID.  Other ways of increasing access level are exploiting vulnerabilities in a system.   Below shows a few more scenarios that allow a hacker to use vertical elevation of privileges:


  • Developers unintentionally lowered the permission of the files that are only available for superuser during development.  After login, the attacker can read, write, or execute the files.
  • An IT staff added guest access to the system without setting proper access permission.  The attacker can use this weakness to gain access to the administrative panel and reconfigure the system.
  • Remote hacker uses SQL injection to retrieve the user table and get hold of the administrative account.
  • A vulnerability in the older version of the Microsoft SMB protocol allows an attacker to capture account information without logging into the system.  After decrypting the information, the attacker gets the account credentials.

Horizontal privilege elevation is when a user assumes the access rights of another user who is in the same group or groups.  Some people refer to this as impersonation.  However, it is not entirely true.  As I mentioned above, some complex systems allow customization of user privileges.  In such systems, users in the same groups may have a different type of access.  For example, John and Tom are both developers.  John is in embedded development, and Tom is in the application group.  John may have some special permission granted for him to fulfill his daily tasks while Tom does not.  If there is a weakness in the system that let the attacker obtain John’s privileges from Tom’s account, he can use the horizontal privileged elevation.

This blog reaches the last mnemonic of the STRIDE threat modeling.  I hope the information in the blogs helps us in the near future. If you have any comment or suggestion to make the blogs better, please feel free to drop me a few lines.

Comments

Post a Comment

Popular posts from this blog

Week 4 - STRIDE: Spoofing

Image
On week one, I briefly mentioned STRIDE as a method for threat identification. From this week, I want to go into a little more detail on each of its Mnemonic.  First, let's talk a little more about STRIDE.  In security , there are three fundamental aspects of the asset when speaking of security.  They are Confidentiality, Integrity, and Availability, which are referred to as the CIA triad.  To protect the asset means to protect its confidentiality, integrity, and availability.  STRIDE provides six ways to identify threats that would target the three areas. Spoofing: pretend to be someone or something that has legitimate permission to access the asset.  It is one of the ways to break the confidentiality . Tampering: ways to change the integrity of the asset. Repudiation: ways to obtain proves of violation Information Disclosure: access restricted information without permission (confidentiality) Denial of Service: ca...
Read more

Week 12 - The Final Words

Finally, I get to take a week of break.   This is the busiest Term so far.   Lots of demands from work plus things keep breaking at home made it tough.   I am glad it over.   With that said, I learned much from this class. In the first four weeks, I got to understand the threat modeling process and different threat modeling tools.   In a nutshell , threat modeling is about understanding your current state of the network; find all vulnerabilities, threats, and risks; formulate action plan and priority.   The process is carried out in a systematic way .   Initially, I thought the threat modeling is a process for finding the threats.   The name sounds small, but it also covers asset identification and action planning, as I realized after the comment on my assignment.  I spent the following weeks working on a security project where I apply the threat modeling process.   The first phase in threat modeling is the asset assessmen...
Read more

Week 7 - STRIDE: Repudiation

Image
In 2000, couple individuals at Signal Lake were sued for $25 million by a man named Suni Munshani.   He alleged that Signal Lake’s officers promised him a large amount of asset.     Munshani provided an email that purportedly sent from the dependents as the proof for his allegation.   The court ordered security professional to investigate and concluded that the plaintiff altered one of the emails the dependent sent to him.   Although this does not relate to repudiation, it brings an important aspect of non-repudiation.   (memecrunch.com) Repudiation, in short, is the denial of any wrongdoing , which is the very first thing anyone would do when they get caught doing something illegal.   Professional hackers learn to cover their track very well.   Likewise, security professionals learn to track.   For the email tampering case I mentioned, the defendant would not win the lawsuit if old emails weren’t available for invest...
Read more