Apples and Oranges: Detecting Least-Privilege Violators with Peer Group Analysis

Clustering software into peer groups based on its apparent functionality
allows for simple, intuitive categorization of software that
can, in particular, help identify which software uses comparatively
more privilege than is necessary to implement its functionality. Such
relative comparison can improve the security of a software ecosystem
in a number of ways. For example, it can allow market operators
to incentivize software developers to adhere to the principle of
least privilege, e.g., by encouraging users to use alternative, less-privileged
applications for any desired functionality. This paper introduces
software peer group analysis, a novel technique to identify
least privilege violation and rank software based on the severity of
the violation. We show that peer group analysis is an effective tool
for detecting and estimating the severity of least privilege violation.
It provides intuitive, meaningful results, even across different definitions
of peer groups and security-relevant privileges. Our evaluation
is based on empirically applying our analysis to over a million
software items, in two different online software markets, and on a
validation of our assumptions in a medium-scale user study.


