TR
EN
An Inverse Approach to Windows' Resource-Based Permission Mechanism for Access Permission Vulnerability Detection
Abstract
In organizations, employees work with information stored in files according to their duties and responsibilities. Windows uses resource-based access permissions that any permission for any user has to be set separately per resource. This approach gets complicated as the number of resources and users increase, and causes oversights in assigning permissions. Therefore, a special mechanism is required to scrutinize what permissions any employee has on any set of resources. This requirement is circumvented by reversing the Windows’ approach in terms of user-accessible resources. This approach is implemented by a program allowing quick and easy examination of any type of permissions granted or denied to active directory users on any folder. In this way, administrators can make sure there is no any missing or overlooked setting that could cause a security vulnerability. This approach can easily be extended to scrutinize other resources, and for other local or active directory objects.
Keywords
References
- Brown, K. The. NET Developer’s Guide to Windows Security (Microsoft Net Development Series. Addison-Wesley Professional. 2004.
- Cone, J. M. ACACLS: A tool for examining and modifying file and directory security on NTFS volumes in a Windows NT environment. California State University, Long Beach, 2003.
- Halsey M. Bettany, A. Restoring Files and Folder Security Settings. Windows File System Troubleshooting. Berkeley, CA: Apress 2015.
- Internet: “SECURITY_DESCRIPTOR structure, https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-security descriptor (Accessed: 28.08.2021).
- Internet: DACLs and ACEs, https://docs.microsoft.com/en-us/windows/win32/secauthz/dacls-and-aces (Accessed: 27.08.2021).
- Internet: File and Folder Permissions, https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727008(v=technet.10)?redirectedfrom=MSDN (Accessed: 24.08.2021).
- Internet: File Security and Access Rights, https://docs.microsoft.com/en-us/windows/win32/fileio/file-security-and-access-rights (Accessed: 26.08.2021).
- Internet: NTFS Overview, https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn466522(v=ws.11) (Accessed: 11.08.2021).
Details
Primary Language
English
Subjects
Computer Software
Journal Section
Research Article
Publication Date
July 18, 2022
Submission Date
December 8, 2021
Acceptance Date
January 10, 2022
Published in Issue
Year 2022 Volume: 5 Number: 2
APA
Temiz, H., & Büyükeke, A. (2022). An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection. Osmaniye Korkut Ata Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 5(2), 534-550. https://doi.org/10.47495/okufbed.1033540
AMA
1.Temiz H, Büyükeke A. An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection. Osmaniye Korkut Ata University Journal of The Institute of Science and Techno. 2022;5(2):534-550. doi:10.47495/okufbed.1033540
Chicago
Temiz, Hakan, and Ahmet Büyükeke. 2022. “An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection”. Osmaniye Korkut Ata Üniversitesi Fen Bilimleri Enstitüsü Dergisi 5 (2): 534-50. https://doi.org/10.47495/okufbed.1033540.
EndNote
Temiz H, Büyükeke A (July 1, 2022) An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection. Osmaniye Korkut Ata Üniversitesi Fen Bilimleri Enstitüsü Dergisi 5 2 534–550.
IEEE
[1]H. Temiz and A. Büyükeke, “An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection”, Osmaniye Korkut Ata University Journal of The Institute of Science and Techno, vol. 5, no. 2, pp. 534–550, July 2022, doi: 10.47495/okufbed.1033540.
ISNAD
Temiz, Hakan - Büyükeke, Ahmet. “An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection”. Osmaniye Korkut Ata Üniversitesi Fen Bilimleri Enstitüsü Dergisi 5/2 (July 1, 2022): 534-550. https://doi.org/10.47495/okufbed.1033540.
JAMA
1.Temiz H, Büyükeke A. An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection. Osmaniye Korkut Ata University Journal of The Institute of Science and Techno. 2022;5:534–550.
MLA
Temiz, Hakan, and Ahmet Büyükeke. “An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection”. Osmaniye Korkut Ata Üniversitesi Fen Bilimleri Enstitüsü Dergisi, vol. 5, no. 2, July 2022, pp. 534-50, doi:10.47495/okufbed.1033540.
Vancouver
1.Hakan Temiz, Ahmet Büyükeke. An Inverse Approach to Windows’ Resource-Based Permission Mechanism for Access Permission Vulnerability Detection. Osmaniye Korkut Ata University Journal of The Institute of Science and Techno. 2022 Jul. 1;5(2):534-50. doi:10.47495/okufbed.1033540
Cited By
Bayrak Ele Geçirme Yoluyla Yapılandırılmış Saldırı Güvenliği Uygulaması: Ardışık Sıralı Saldırı Yürütme ve Üç Bayrağın Ele Geçirilmesi
Osmaniye Korkut Ata Üniversitesi Fen Bilimleri Enstitüsü Dergisi
https://doi.org/10.47495/okufbed.1840420