Detecting privilege escalation attacks through Instrumenting web application source code

Abstract

Privilege Escalation is a common and serious type of security attack. Although experience shows that many applications are vulnerable to such attacks, attackers rarely succeed upon first trial. Their initial probing attempts often fail before a successful breach of access control is achieved. This paper presents an approach to automatically instrument application source code to report events of failed access attempts that may indicate privilege escalation attacks to a run time application protection mechanism. The focus of this paper is primarily on the problem of instrumenting web application source code to detect access control attack events. We evaluated false positives and negatives of our approach using two open source web applications.

Zhu, J., Chu, B., & Lipford, H. (2016). Detecting privilege escalation attacks through Instrumenting web application source code. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (Vol. 06-08-June-2016, pp. 73–80). Association for Computing Machinery. https://doi.org/10.1145/2914642.2914661
