{"title":"Threat modeling for virtual directory services","authors":"W. Claycomb, Dongwan Shin","doi":"10.1109/CCST.2009.5335550","DOIUrl":null,"url":null,"abstract":"Directory services are corporate computing objects responsible for providing information about user accounts, computer accounts, contacts, etc. Virtual directories are powerful tools for consolidating this data, modifying it if necessary, and presenting it to the end user in a highly customized manner. While attacks against directory services have been identified, attacks and vulnerabilities of virtual directories remain largely unstudied. In this paper, we present an analysis of four types of attacks on virtual directory services. In doing so, we describe how each is performed, and discuss how to detect and prevent each type of attack. This first step towards protecting virtual directory services is critical to protecting the information contained in the source directories - information which could potentially contain sensitive data and be used for authentication and/or access control decisions.","PeriodicalId":117285,"journal":{"name":"43rd Annual 2009 International Carnahan Conference on Security Technology","volume":"239 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"43rd Annual 2009 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2009.5335550","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Directory services are corporate computing objects responsible for providing information about user accounts, computer accounts, contacts, etc. Virtual directories are powerful tools for consolidating this data, modifying it if necessary, and presenting it to the end user in a highly customized manner. While attacks against directory services have been identified, attacks and vulnerabilities of virtual directories remain largely unstudied. In this paper, we present an analysis of four types of attacks on virtual directory services. In doing so, we describe how each is performed, and discuss how to detect and prevent each type of attack. This first step towards protecting virtual directory services is critical to protecting the information contained in the source directories - information which could potentially contain sensitive data and be used for authentication and/or access control decisions.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
