This document discusses MACE, a tool for detecting privilege escalation vulnerabilities in web applications. MACE analyzes application source code to check for inconsistent enforcement of authorization rules. It computes authorization contexts and checks for consistency across code paths. MACE can detect both vertical and horizontal privilege escalation vulnerabilities. The researchers evaluated MACE on a suite of PHP applications and found several vulnerabilities, demonstrating MACE's ability to automatically detect authorization errors that manual analysis may miss.
Paper: MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications
Authors: Maliheh Monshizadeh, University of Illinois at Chicago; Prasad Naldurg, IBM Research India; V.N. Venkatakrishnan, University of Illinois at Chicago
Presented by: Michelle Beach
Agenda
- Introduction
- Context
- Contributions of MACE
- Methodology
- Results
- Conclusion

Introduction
- APOGEE student, Master of Science in Software Engineering, Cyber Certificate Program; graduating in December (Yay!)
- UI/UX developer, Backup and DR

Web Applications are Appealing Targets

Access Control
- Web applications incorporate access control policies as protection against security threats, typically role-based access control (RBAC).
- The application verifies whether the authenticated user, with an associated role, has the required privilege to access a given resource such as a database table.
- Authorization is expected to be performed before every resource access.
Disastrous Consequences
Several high-profile data breaches were the result of access control failures:
- Citibank: 360K credit card numbers exposed
- Target: 40 million stolen credit and debit card numbers and 70 million records of personal customer data
- U.S. Emergency Alert System (EAS): hijacked to broadcast a hoax "zombies are taking over" warning

Why do Authorization Errors Occur?
1. No built-in support for access control
   - The policy is typically hand-written by developers, who focus on functionality other than security and often make errors when implementing authorization code.
2. Direct connection to the database
   - The application connects as a database superuser that enjoys all administrative privileges, so the database offers no second line of defense; flaws in application logic therefore often lead to catastrophic data breaches.
3. Improper implementation of roles
   - Web developers often implement roles themselves as a solution to privilege management, with no standard framework and limited knowledge of access control design; the result is buggy and inconsistent role implementations.

Academic and Industrial Solutions
- Virtual Private Databases: provide a way for applications to execute queries on behalf of individual users, giving effective privilege separation.
- Web application frameworks (e.g. Rails): provide solutions for structuring access control logic effectively.
- Vulnerability analysis: open-source applications come with virtually no documentation of their access control policies, so one must inspect the source for missing or inconsistent authorization checks; this takes significant manual effort and is time-consuming and tedious.

MACE
- An automated solution that identifies authorization errors.
- Checks whether an application enforces its authorization policy consistently: does it enforce the same authorization rules for access to a resource by the same principal along every path?

Methodology
- Authorization context: associated with every program point in the application; the authorization checks (conditions on the authenticated user's identity and role) that must have succeeded to reach that point.
- Authorization context consistency: the application uses the same authorization context to access the same resource along different paths through the application.
- Access control violation: a mismatch in authorization context along two different paths to the same resource.

Mining Access Control Errors (MACE)
- A set of algorithms to compute authorization contexts and to check them for consistency.
- Uses a variety of analysis techniques, including control flow analysis, data flow analysis, and symbolic evaluation.
- Detects two kinds of privilege escalation vulnerability:
  - Vertical privilege escalation (VPE): the conventional case; the attacker changes privilege level to obtain more access than their role entitles them to (e.g. an ordinary user performing an admin-only operation).
  - Horizontal privilege escalation (HPE): the attacker stays at the same privilege level but accesses resources belonging to other users.
- Designed to work directly on the source code: the source is the only documentation of the access control policy, and the implemented policy can be incomplete or incorrect.
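The consistency check described above, reduced to a toy model. This is an added example written for this summary, not MACE's code or data structures: a program path is an ordered list of check and access events, the authorization context of an access is the set of checks that dominate it on its path, and two paths that reach the same operation on the same resource with different contexts are a violation. The four paths, the check names and the rule that a missing role check indicates VPE while a missing ownership check indicates HPE are all assumptions made for the example; MACE derives contexts from real PHP control and data flow rather than from hand-written event lists.

```python
"""Toy model of MACE's authorization-context consistency check.

Added illustration, not MACE's own code. A program path is modelled as
an ordered list of events:
  ("check", name)            an authorization check that dominates
                             every later event on the path
  ("access", op, resource)   a database access
The authorization context of an access is the set of checks seen
before it on its path. Check names and the VPE/HPE classification
rule are assumptions made for the example.
"""
from collections import defaultdict

# Constructed sample: four paths through a small blog application.
PATHS = {
    "add_article": [
        ("check", "verifyUser"),
        ("access", "INSERT", "articles"),
    ],
    "delete_own_article": [
        ("check", "verifyUser"),
        ("check", "owner == session.user"),
        ("access", "DELETE", "articles"),
    ],
    "delete_as_admin": [
        ("check", "verifyUser"),
        ("check", "userLevel == admin"),
        ("access", "DELETE", "articles"),
    ],
    "delete_via_ajax": [  # same DELETE, but the ownership check was forgotten
        ("check", "verifyUser"),
        ("access", "DELETE", "articles"),
    ],
}

# Which checks establish a role and which establish ownership (assumed).
ROLE_CHECKS = {"userLevel == admin"}
OWNERSHIP_CHECKS = {"owner == session.user"}


def authorization_contexts(paths):
    """Map (op, resource) -> {path_name: frozenset of checks before the access}."""
    contexts = defaultdict(dict)
    for name, events in paths.items():
        seen = set()
        for event in events:
            if event[0] == "check":
                seen.add(event[1])
            else:
                _, op, resource = event
                contexts[(op, resource)][name] = frozenset(seen)
    return contexts


def classify(missing):
    """VPE if a role check is missing, HPE if an ownership check is missing."""
    kinds = []
    if missing & ROLE_CHECKS:
        kinds.append("VPE")
    if missing & OWNERSHIP_CHECKS:
        kinds.append("HPE")
    return "/".join(kinds) or "UNKNOWN"


def find_violations(paths):
    """Return sorted (key, weak_path, strong_path, kind, missing_checks) tuples.

    A path is flagged when another path reaches the same (op, resource)
    with a strict superset of its checks: the weaker path is the
    candidate vulnerability and the checks it lacks decide the kind.
    Incomparable contexts (owner-only vs. admin-only) are not reported,
    since they legitimately serve different principals.
    """
    violations = []
    for key, by_path in authorization_contexts(paths).items():
        for weak, weak_ctx in by_path.items():
            for strong, strong_ctx in by_path.items():
                if weak != strong and weak_ctx < strong_ctx:
                    missing = strong_ctx - weak_ctx
                    violations.append(
                        (key, weak, strong, classify(missing), tuple(sorted(missing)))
                    )
    return sorted(violations)


if __name__ == "__main__":
    for key, weak, strong, kind, missing in find_violations(PATHS):
        print(f"{kind}: {key[0]} on {key[1]} via '{weak}' lacks {missing} "
              f"that '{strong}' enforces")
```

Running it flags only delete_via_ajax: against delete_own_article it lacks the ownership check (HPE), and against delete_as_admin it lacks the role check (VPE). The owner-only and admin-only paths are incomparable and are left alone, which is the point of comparing contexts per principal rather than demanding that every path to a table look identical.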
Running example: a blog. An article is added to the articles table in the database; the user name of the currently logged-in user specifies the owner of the article, and the request supplies the article text that is inserted into the database.

Secure Implementation
- verifyUser() checks that the request is coming from an authenticated user before the INSERT is issued.
- A user can delete any post they own: the first DELETE is constrained by both the article and its owner.
- An admin user, as specified by the role userLevel, can delete all entries in the blog, as shown by the second DELETE operation.

Vulnerable Delete Operations
(code listing from the slides not preserved in this text)

System Architecture

Evaluation
- MACE is designed to analyze PHP web applications.
- Implemented in Java, about 10K lines of code.
- Run on a suite of seven small-to-large free and open-source PHP applications.

PHP Applications and Results
(application list and result tables from the slides not preserved in this text)

Thank You
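The blog example from the Secure Implementation slides, rewritten as an added example for this summary in Python with sqlite3 rather than the paper's PHP; it is not code from the paper or the slides. The INSERT takes the owner from the session, verify_user() stands in for verifyUser(), and the secure delete enforces either ownership or the admin userLevel. The third handler, delete_article_ajax_vulnerable(), is a constructed second path to the same DELETE that authenticates but forgets the ownership check; it is not the vulnerable code the slides showed, but it has the shape MACE reports: same resource and operation, weaker authorization context, and a horizontal privilege escalation as the result. The table layout, the users and the ADMIN_LEVEL encoding are assumptions.

```python
"""Secure vs. vulnerable delete on the blog's articles table.

Added illustration, not code from the paper. Reproduces in sqlite3 the
PHP pattern the slides describe: verifyUser() guards the INSERT, the
owner check or the admin userLevel guards the DELETE. The 'ajax'
handler is a constructed second path that omits the ownership check.
"""
import sqlite3

ADMIN_LEVEL = 2  # assumed encoding of the admin role in userLevel


def make_db():
    """Constructed sample database: three users, two articles."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, userLevel INTEGER)")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 1), ("bob", 1), ("root", ADMIN_LEVEL)])
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "alice", "hello"), (2, "bob", "world")])
    return db


def verify_user(db, session):
    """verifyUser(): the request must carry an authenticated, known user."""
    user = session.get("user")
    if user is None or db.execute(
            "SELECT 1 FROM users WHERE name=?", (user,)).fetchone() is None:
        raise PermissionError("not authenticated")
    return user


def user_level(db, user):
    return db.execute("SELECT userLevel FROM users WHERE name=?", (user,)).fetchone()[0]


def add_article(db, session, body):
    """INSERT: the owner comes from the session, never from the request."""
    user = verify_user(db, session)
    cur = db.execute("INSERT INTO articles (owner, body) VALUES (?, ?)", (user, body))
    return cur.lastrowid


def delete_article_secure(db, session, article_id):
    """Owners may delete their own posts; an admin may delete any post.

    Both DELETEs run under a context that names the principal: either
    userLevel == ADMIN_LEVEL or owner == session user.
    """
    user = verify_user(db, session)
    if user_level(db, user) == ADMIN_LEVEL:
        cur = db.execute("DELETE FROM articles WHERE id=?", (article_id,))
    else:
        cur = db.execute("DELETE FROM articles WHERE id=? AND owner=?",
                         (article_id, user))
    return cur.rowcount  # number of rows actually deleted


def delete_article_ajax_vulnerable(db, session, article_id):
    """Constructed second delete path: authenticates, then forgets the
    ownership check. Same resource, weaker authorization context, so any
    logged-in user can delete anyone's article (HPE)."""
    verify_user(db, session)
    return db.execute("DELETE FROM articles WHERE id=?", (article_id,)).rowcount


if __name__ == "__main__":
    db = make_db()
    bob = {"user": "bob"}
    print("secure delete of alice's post as bob removed",
          delete_article_secure(db, bob, 1), "rows")
    print("ajax delete of alice's post as bob removed",
          delete_article_ajax_vulnerable(db, bob, 1), "rows")
```

Both delete handlers touch the same table with the same operation, yet only one of them reaches the DELETE through a context that identifies the principal; that inconsistency, rather than the SQL itself, is what the consistency check keys on.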