Title :
Threat modeling for virtual directory services
Author :
Claycomb, William R. ; Shin, Dongwan
Author_Institution :
Sandia Nat. Labs., Albuquerque, NM, USA
Abstract :
Directory services are corporate computing objects responsible for providing information about user accounts, computer accounts, contacts, etc. Virtual directories are powerful tools for consolidating this data, modifying it if necessary, and presenting it to the end user in a highly customized manner. While attacks against directory services have been identified, attacks and vulnerabilities of virtual directories remain largely unstudied. In this paper, we present an analysis of four types of attacks on virtual directory services. In doing so, we describe how each is performed, and discuss how to detect and prevent each type of attack. This first step towards protecting virtual directory services is critical to protecting the information contained in the source directories - information which could potentially contain sensitive data and be used for authentication and/or access control decisions.
Keywords :
authorisation; data structures; message authentication; virtual storage; access control decision; attack detection; attack prevention; authentication decision; computer accounts information; contacts information; corporate computing object; information protection; sensitive data; specialized data structure; threat modeling; user accounts information; virtual directory service vulnerability; Access control; Access protocols; Authentication; Computer science; Data structures; Electrical equipment industry; Java; Laboratories; Protection; Sun;
Conference_Title :
Security Technology, 2009. 43rd Annual 2009 International Carnahan Conference on
Conference_Location :
Zurich
Print_ISBN :
978-1-4244-4169-3
Electronic_ISBN :
978-1-4244-4170-9
DOI :
10.1109/CCST.2009.5335550