Apples and Oranges: Detecting Least-Privilege Violators with Peer Group Analysis
Venue
CoRR, vol. abs/1510.07308 (2015)
Publication Year
2015
Authors
Iulia Ion, Suman Jana, Úlfar Erlingsson
BibTeX
Abstract
Clustering software into peer groups based on its apparent functionality allows for
simple, intuitive categorization of software that can, in particular, help identify
which software uses comparatively more privilege than is necessary to implement its
functionality. Such relative comparison can improve the security of a software
ecosystem in a number of ways. For example, it can allow market operators to
incentivize software developers to adhere to the principle of least privilege,
e.g., by encouraging users to use alternative, less-privileged applications for any
desired functionality. This paper introduces software peer group analysis, a novel
technique to identify least privilege violation and rank software based on the
severity of the violation. We show that peer group analysis is an effective tool
for detecting and estimating the severity of least privilege violation. It provides
intuitive, meaningful results, even across different definitions of peer groups and
security-relevant privileges. Our evaluation is based on empirically applying our
analysis to over a million software items, in two different online software
markets, and on a validation of our assumptions in a medium-scale user study.
