The field of network security has become increasingly important in today's society. The Internet has enabled interconnection of different computer networks all over the world. However, the Internet has also presented many opportunities for malicious operators to exploit these networks. Once malicious software (also referred to herein as ‘malware’) has infected a host computer, a malicious operator may issue commands from a remote computer to control the malicious software. In other scenarios, the software may be inherently configured to perform certain actions without necessarily responding to an operator's commands. Malicious software can be configured to perform any number of malicious actions, such as sending out spam or malicious emails from the host computer, stealing sensitive information from a business or individual associated with the host computer, propagating to other host computers, and/or assisting with distributed denial of service attacks. In other scenarios, malicious software can be configured to target certain regions of a storage disk in order to gain unauthorized control of the host computer and its resources. Thus, the ability to effectively protect and maintain stable computers and systems continues to present significant challenges for component manufacturers, system designers, and network operators.
A privilege escalation (PE) attack refers to a type of computer-based attack in which an attacker attempts to exploit inadequate or nonexistent controls to gain access to resources of a computer software application that are intended for access only by valid users having privileged rights, or that are intended for access by valid users having even non-privileged rights but that are meant to be off-limits to the attacker. It would be advantageous to check computer software applications during their development to determine whether they are vulnerable to PE attacks.