
Analysis of Privilege Escalation Based on Hierarchical RBAC Model
Author(s) - Li Ma, Yongjie Yan, Huowen Jiang, Yanjie Zhou
Publication year - 2020
Publication title - Journal of Physics: Conference Series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1575/1/012060
Subject(s) - privilege (computing) , hierarchy , role based access control , access control , computer science , inheritance (genetic algorithm) , computer security , political science , law , biology , biochemistry , gene
As access control policies become more and more complex, the detection of access control vulnerabilities becomes more important. Previous research efforts have concentrated on access control vulnerabilities due to programming errors, while privilege escalation caused by logic errors or abuse of privileges, which is also a kind of access control vulnerability, has seldom attracted researchers’ attention. To investigate the properties of privilege escalation, the hierarchical RBAC model is used to describe complex relations between different roles that are represented by a directed role graph. Permissions are divided into multiple categories according to the inheritance of permissions in the role hierarchy. Three types of vulnerabilities, Upward Privilege Escalation, Downward Privilege Escalation and Horizontal Privilege Escalation, are defined and decided theoretically based on the inheritance relations between roles in a role graph. Besides these three types, another type of privilege escalation that is not related to the hierarchy of roles is also studied. Finally, the decision theorems of the three vulnerabilities are used to optimize the access control decision algorithm.