Author:
Ma Li, Yan Yongjie, Jiang Huowen, Zhou Yanjie
Abstract
As access control policies become more complex, detecting access control vulnerabilities becomes more important. Previous research has concentrated on access control vulnerabilities caused by programming errors, while privilege escalation caused by logic errors or abuse of privileges, which is also a kind of access control vulnerability, has seldom attracted researchers' attention. To investigate the properties of privilege escalation, a hierarchical RBAC model is used to describe the complex relations between roles, which are represented by a directed role graph. Permissions are divided into multiple categories according to how they are inherited in the role hierarchy. Three types of vulnerability, Upward Privilege Escalation, Downward Privilege Escalation and Horizontal Privilege Escalation, are defined and decided theoretically based on the inheritance relations between roles in the role graph. Besides these three types, another type of privilege escalation that is not related to the role hierarchy is also studied. Finally, the decision theorems for the three vulnerabilities are used to optimize the access control decision algorithm.
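The following is an added example written for this page; it is not the authors' code, and the paper's formal definitions are not reproduced in the abstract. It assumes the usual hierarchical-RBAC reading of the abstract: a role graph whose edge junior -> senior means the senior inherits the junior's permissions, a split of permissions into inheritable and private (non-inheritable) categories, and escalation classified by where the holders of a permission sit relative to the requesting role (senior: upward; junior, via a private permission: downward; unrelated: horizontal). The role names, permissions and the cycle check are constructed for illustration. The fourth, hierarchy-independent type mentioned in the abstract is not modelled.

```python
"""Toy hierarchical-RBAC role graph (added example, not the paper's code).

Roles are nodes of a directed graph; an edge junior -> senior means the
senior inherits the junior's *inheritable* permissions.  Permissions
granted with inheritable=False are private to the role that holds them.
classify() labels an attempted use of a permission that is not in the
requesting role's effective set as upward, downward or horizontal
escalation, using only reachability in the role graph.  All role and
permission names below are constructed sample data.
"""
from collections import deque
from enum import Enum


class Escalation(Enum):
    ALLOWED = "allowed"          # permission is in the role's effective set
    UPWARD = "upward"            # held only by a senior (ancestor) role
    DOWNWARD = "downward"        # private permission of a junior (descendant) role
    HORIZONTAL = "horizontal"    # held only by roles unrelated in the hierarchy
    UNASSIGNED = "unassigned"    # no role holds the permission at all


class RoleGraph:
    def __init__(self):
        self._seniors = {}   # role -> direct seniors (junior -> senior edges)
        self._juniors = {}   # role -> direct juniors (reverse edges)
        self._perms = {}     # role -> {permission: inheritable}

    def add_role(self, role):
        self._seniors.setdefault(role, set())
        self._juniors.setdefault(role, set())
        self._perms.setdefault(role, {})

    def add_edge(self, junior, senior):
        """Make `senior` inherit `junior`'s inheritable permissions.

        A role hierarchy must be acyclic: an edge that would make a role
        its own ancestor is rejected.
        """
        self.add_role(junior)
        self.add_role(senior)
        if junior == senior or junior in self.ancestors(senior):
            raise ValueError(f"edge {junior}->{senior} would create a cycle")
        self._seniors[junior].add(senior)
        self._juniors[senior].add(junior)

    def grant(self, role, perm, inheritable=True):
        self.add_role(role)
        self._perms[role][perm] = inheritable

    def _reach(self, role, edges):
        """Breadth-first transitive closure over one edge direction."""
        seen, queue = set(), deque([role])
        while queue:
            for nxt in edges[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen

    def ancestors(self, role):      # all roles senior to `role`
        return self._reach(role, self._seniors)

    def descendants(self, role):    # all roles junior to `role`
        return self._reach(role, self._juniors)

    def effective_permissions(self, role):
        """Own permissions plus inheritable permissions of every junior."""
        perms = set(self._perms[role])
        for junior in self.descendants(role):
            perms.update(p for p, inh in self._perms[junior].items() if inh)
        return perms

    def holders(self, perm):
        return {r for r, ps in self._perms.items() if perm in ps}

    def classify(self, role, perm):
        """Decide a request and, if denied, name the escalation type.

        Upward is checked before downward, so a permission held both by a
        senior and privately by a junior is reported as upward (assumption).
        """
        if perm in self.effective_permissions(role):
            return Escalation.ALLOWED
        holders = self.holders(perm)
        if not holders:
            return Escalation.UNASSIGNED
        if holders & self.ancestors(role):
            return Escalation.UPWARD
        if holders & self.descendants(role):
            return Escalation.DOWNWARD
        return Escalation.HORIZONTAL


def build_sample_graph():
    """Constructed sample hierarchy: employee < engineer < manager, and
    employee < auditor on a separate branch."""
    g = RoleGraph()
    g.add_edge("employee", "engineer")
    g.add_edge("engineer", "manager")
    g.add_edge("employee", "auditor")
    g.grant("employee", "read_wiki")
    g.grant("employee", "file_grievance", inheritable=False)  # private to employee
    g.grant("engineer", "push_code")
    g.grant("manager", "approve_merge")
    g.grant("auditor", "read_audit_log")
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    for role, perm in [("engineer", "approve_merge"),    # upward
                       ("manager", "file_grievance"),    # downward
                       ("engineer", "read_audit_log"),   # horizontal
                       ("manager", "read_wiki")]:        # allowed
        print(f"{role:9s} -> {perm:15s}: {g.classify(role, perm).value}")
```

The decision itself reduces to a set-membership test once `effective_permissions` is precomputed per role (the transitive closure only changes when the graph or a grant changes), which is the kind of optimisation the abstract's decision theorems are meant to justify; the escalation label is only needed on the deny path, for logging or alerting.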
Subject
General Physics and Astronomy