Oct 25, 2015

Apples and Oranges: Detecting Least-Privilege Violators with Peer Group Analysis

arXiv:1510.07308v1 (8 citations)
Originality: Incremental advance
AI Analysis

This paper addresses security issues in software ecosystems by enabling market operators to incentivize developers to adhere to least privilege; the advance is incremental, since it builds on existing clustering and privilege concepts.

The paper tackles the problem of identifying software that uses more privileges than necessary by introducing software peer group analysis, which clusters software by functionality to detect and rank least-privilege violations; evaluations on over a million software items across two markets show the approach to be effective.

Clustering software into peer groups based on its apparent functionality allows for simple, intuitive categorization of software that can, in particular, help identify which software uses comparatively more privilege than is necessary to implement its functionality. Such relative comparison can improve the security of a software ecosystem in a number of ways. For example, it can allow market operators to incentivize software developers to adhere to the principle of least privilege, e.g., by encouraging users to use alternative, less-privileged applications for any desired functionality. This paper introduces software peer group analysis, a novel technique to identify least-privilege violations and rank software based on the severity of the violation. We show that peer group analysis is an effective tool for detecting and estimating the severity of least-privilege violations. It provides intuitive, meaningful results, even across different definitions of peer groups and security-relevant privileges. Our evaluation is based on empirically applying our analysis to over a million software items, in two different online software markets, and on a validation of our assumptions in a medium-scale user study.
