Threat modeling for virtual directory services

Directory services are corporate computing objects responsible for providing information about user accounts, computer accounts, contacts, etc. Virtual directories are powerful tools for consolidating this data, modifying it if necessary, and presenting it to the end user in a highly customized manner. While attacks against directory services have been identified, attacks on and vulnerabilities of virtual directories remain largely unstudied. In this paper, we present an analysis of four types of attacks on virtual directory services. For each type, we describe how the attack is performed and discuss how to detect and prevent it. This first step towards protecting virtual directory services is critical to protecting the information contained in the source directories, information which could contain sensitive data and be used for authentication and/or access control decisions.