Niels Provos  Home/Search
Context
Related
| umich.edu/techrepo...cititr022.ps.gz Cached: PS.gz PS PDF This document uses CoBlitz to cache paper downloads. If your firewall is blocking outgoing connections to port 3125, you can use these links to download local copies.
Image Update HelpPS.gz PS PDF From: umich.edu/techreports/index (more) (Enter author homepages) |
Rate this article:      (best)Comment on this article |
Abstract: Many operating system services require special privileges to execute their tasks. A programming error in a privileged service may open the door to system compromise in form of unauthorized acquisition of privileges. In the worst case, a remote attacker may obtain superuser privileges. In this paper, we discuss the methodology and design of privilege separation, a generic approach that lets parts of an application run without special privileges. (Update)
Similar documents (at the sentence level):
49.6%: Preventing Privilege Escalation - Niels Provos Markus (2002) (Correct)
Active bibliography (related documents): More All
0.3: Analysis of the WinZip encryption method - Kohno (2004) (Correct)
0.3: Meta - a freely available scalable MTA - Westerlund.. (Correct)
0.3: Implementation of Chosen-Ciphertext Attacks - Against Pgp And (Correct)
Similar documents based on text: More All
0.4: Probabilistic Methods for Improving Information Hiding - Provos (2001) (Correct)
0.4: Encrypting Virtual Memory - Provos (2000) (Correct)
0.4: Defending Against Statistical Steganalysis - Provos (2001) (Correct)
BibTeX entry: (Update)
@misc{ provos-preventing,
author = "Niels Provos",
title = "Preventing Privilege Escalation (CITI TR 02-2)",
url = "citeseer.ist.psu.edu/539716.html" }
Citations (may not include all citations):118 Extensible Security Architectures for Java - Wallach, Balfanz et al. - 1997
106 Advanced Programming in the UNIX Environment (context) - Stevens - 1992
92 Going Beyond the Sandbox: An Overview of the New Security Ar.. - Gong, Mueller et al. - 1997
26 Kernel Construction (context) - Liedtke - 1995
12 Operating System Structures to Support Security and Reliable.. (context) - Linden - 1976 ACM DBLP
9 XDR: External Data Representation (context) - Microsystems - 1987
7 Protection and the Control of Information in Multics (context) - Saltzer - 1974
6 String Copy and Concatenation (context) - Miller, de Raadt et al. - 1999
3 Sendmail without the Superuser (context) - Carson - 1993
3 DEFLATE Compressed Data Format Speci cation version (context) - Deutsch - 1951
3 Remote Vulnerability in SSH Daemon CRC32 Compensation Attack.. (context) - Zalewski - 2001
2 07 Double Free Bug in zlib Compression Library (context) - CC, CA-- - 2002
2 18 OpenSSH Vulnerabilities in Challenge Response Handling (context) - CC, CA-- - 2002
2 Comments on the Overall Architecture of Vsftpd (context) - Evans - 2001
2 OpenSSH Channel Code O -By-One Vulnerability (context) - Pol - 2002
1 Die-Hellman Group Exchange for the SSH Transport 10 Layer Pr.. (context) - Friedl, Provos et al. - 2002
1 ZLIB Compressed Data Format Speci cation version (context) - Deutsch, Gailly - 1950
1 Systrace - Interactive Policy Generation for System Calls (context) - Provos - 2002
http://www.openwall.com/popa3d/DESIGN
Documents on the same site (http://www.citi.umich.edu/techreports/index.html): More
Nonmonotonic Cryptographic Protocols - Rubin (1994) (Correct)
Smartcard Integration with Kerberos V5 - Itoi, Honeyman (1998) (Correct)
Long Running Jobs in an Authenticated Environment - Rubin (1993) (Correct)
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC