Improving Logging to Reduce Permission Over-Granting Mistakes

Explore a conference talk from USENIX Security '23 that addresses the critical issue of permission over-granting mistakes in access control configurations. Learn about SECLOG, an innovative tool designed to improve logging practices and help system administrators correctly understand and resolve access-deny issues without compromising security. Discover the findings from an observational study on current access-deny logging practices in server software, and understand how SECLOG uses static analysis to automatically identify missing log locations and relevant diagnostic information. Examine the tool's effectiveness across ten widely deployed server applications, including its impact on reducing insecure fixes and improving diagnosis time. Gain insights into the importance of informative logging in maintaining robust access control and preventing potential security vulnerabilities.

USENIX Security '23 - Improving Logging to Reduce Permission Over-Granting Mistakes