The present disclosure relates to an automated mechanism to analyze elevated authority usage and capability, and more specifically, to detect whether elevated authority is available or used and determine the relationship between privileges of the elevated authority and privileges of other available authority.
Generally, people and organizations rely on multiple software applications. Each user generally has a set of permissions which specifies which files or data the user may access. These permissions may be file specific, allowing the user to access each file only in a certain way, such as read only, read and write, or some other mode of access. Often, a set of permissions is configured per user for sets of files, for example at the directory level. In such cases, a user may have one level of access to the set of files in a particular directory, such as their personal directory, and a different level of access to another directory, such as a network share.
Users typically use multiple applications, which may be stored in a common storage partition. These applications may be configured, either automatically during setup or by an administrator, with generous permission levels, creating a security risk. Application administrators generally have little or no detailed knowledge of the exact permissions individual users require in order to access specific files for use with an application. Rather, administrators generally configure permissions broadly, for example at the directory level or for whole sets of users. Configuring permissions with such broad settings presents an unnecessary security risk, since excessive permissions make it easier for an attacker who compromises a user or application to access and exfiltrate data. Additionally, elevated privileges may be available to certain applications, and those applications may or may not actually use the elevated privileges to access files. What is needed is a mechanism to automatically detect whether elevated privileges are available, whether those elevated privileges are actually used, and how they relate to the other privileges already available, and then to configure permissions accordingly, reducing excessive permissions while preserving application functionality.
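The following is an added illustration of the kind of analysis the paragraph above calls for; it is not code from the disclosure. It assumes a simplified model (the `Grant` class, directory-prefix grants with `r`/`w`/`x` modes, and an access log of `(path, mode)` pairs are all hypothetical) and uses constructed sample data. Given a user's configured authority, split into ordinary and elevated grants, and a log of the accesses the user's applications actually performed, it determines whether elevated authority is available, whether any logged access could only have succeeded through it, which modes each elevated grant adds beyond ordinary authority, and which elevated grants were never needed and are therefore candidates for removal without breaking observed functionality.

```python
import posixpath
from dataclasses import dataclass

# Hypothetical data model; class name, field names and sample data are assumptions
# made for this illustration, not the disclosure's own representation.


@dataclass(frozen=True)
class Grant:
    """One directory-level permission grant: modes allowed under path_prefix."""
    path_prefix: str
    modes: frozenset
    elevated: bool = False  # True when the grant comes from elevated authority (e.g. an admin role)


def grant_covers(grant, path, mode):
    """True if `path` lies under the grant's prefix and `mode` ('r', 'w' or 'x') is granted."""
    norm = posixpath.normpath(path)
    prefix = posixpath.normpath(grant.path_prefix)
    inside = prefix == "/" or norm == prefix or norm.startswith(prefix + "/")
    return inside and mode in grant.modes


def classify_accesses(grants, accesses):
    """Split the access log into accesses served by ordinary authority, accesses that
    could only have succeeded through elevated authority, and accesses nothing covers
    (a log/configuration mismatch worth investigating)."""
    ordinary = [g for g in grants if not g.elevated]
    elevated = [g for g in grants if g.elevated]
    out = {"ordinary": [], "elevated_required": [], "uncovered": []}
    for path, mode in accesses:
        if any(grant_covers(g, path, mode) for g in ordinary):
            out["ordinary"].append((path, mode))
        elif any(grant_covers(g, path, mode) for g in elevated):
            out["elevated_required"].append((path, mode))
        else:
            out["uncovered"].append((path, mode))
    return out


def elevated_excess(grants):
    """For each elevated grant, the modes on its prefix that no ordinary grant already
    provides, i.e. what the elevated authority adds over ordinary authority.
    (Checked at the grant's own prefix; ordinary grants on sub-directories are ignored.)"""
    ordinary = [g for g in grants if not g.elevated]
    excess = {}
    for g in grants:
        if not g.elevated:
            continue
        already = {m for m in g.modes if any(grant_covers(o, g.path_prefix, m) for o in ordinary)}
        excess[g.path_prefix] = frozenset(g.modes - already)
    return excess


def elevated_authority_report(grants, accesses):
    """Availability vs. usage summary plus the elevated grants that were never needed."""
    elevated = [g for g in grants if g.elevated]
    classified = classify_accesses(grants, accesses)
    needed = {g for g in elevated
              if any(grant_covers(g, p, m) for p, m in classified["elevated_required"])}
    return {
        "elevated_available": bool(elevated),
        "elevated_used": bool(classified["elevated_required"]),
        "accesses_requiring_elevation": classified["elevated_required"],
        "uncovered_accesses": classified["uncovered"],
        "removable_elevated_grants": [g for g in elevated if g not in needed],
    }


# Constructed sample: one user's configured authority and a short access log.
SAMPLE_GRANTS = [
    Grant("/home/alice", frozenset("rwx")),              # personal directory
    Grant("/srv/share", frozenset("r")),                  # network share, read only
    Grant("/srv/share", frozenset("rw"), elevated=True),  # admin role: write on the share
    Grant("/etc", frozenset("rw"), elevated=True),        # admin role: never exercised below
]
SAMPLE_ACCESSES = [
    ("/home/alice/notes.txt", "r"),
    ("/srv/share/report.xlsx", "r"),
    ("/srv/share/report.xlsx", "w"),
    ("/var/log/app.log", "r"),
]

if __name__ == "__main__":
    report = elevated_authority_report(SAMPLE_GRANTS, SAMPLE_ACCESSES)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("excess over ordinary authority:", elevated_excess(SAMPLE_GRANTS))
```

On the sample data the write to the share is the only access that needed elevation, so the elevated `/srv/share` grant is retained (its excess over ordinary authority is just `w`), while the elevated `/etc` grant is reported as removable. The uncovered read of `/var/log/app.log` is deliberately left as a finding rather than silently ignored: in practice it means the log and the permission model disagree, which must be resolved before any grant is tightened.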