Solutional nouveau logo (1)

L'escalade des privilèges

Partager
" Retour à l'index des glossaires

Privilege escalation is a critical concept in cybersecurity. It refers to a situation where a user gains unauthorized access to privileges typically reserved for higher-level users. This scenario can occur in two distinct ways: vertically, where the user gains access to advanced functions, and horizontally, where the user can use functions belonging to other users. The escalation of privileges can be caused by system glitches or flawed assumptions during the system’s design phase. These unauthorized access situations can lead to risks such as unauthorized system manipulation and security[1] vulnerabilities. Various examples include exploiting vulnerabilities in high-privilege applications or older systems, and using techniques like Cross Zone Scripting. Mitigation strategies include techniques like Data Execution Prevention, Address space layout randomization, and requiring digitally signed kernel mode code.

Définitions des termes
1. security. Security, as a term, originates from the Latin 'securus,' meaning free from worry. It is a concept that refers to the state of being protected from potential harm or threats. This protection can apply to a wide range of referents, including individuals, groups, institutions, or even ecosystems. Security is closely linked with the environment of the referent and can be influenced by different factors that can make it either beneficial or hostile. Various methods can be employed to ensure security, including protective and warning systems, diplomacy, and policy implementation. The effectiveness of these security measures can vary, and perceptions of security can differ widely. Important security concepts include access control, assurance, authorization, cipher, and countermeasures. The United Nations also plays a significant role in global security, focusing on areas like soil health and food security.

L'escalade des privilèges is the act of exploiting a bug, a design flaw, or a configuration oversight in an système d'exploitation ou software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer ou system administrator can perform unauthorized actions.

A diagram describing privilege escalation. The arrow represents a rootkit gaining access to the kernel, and the little gate represents normal privilege elevation, where the user has to enter an Administrator username and password.
" Retour à l'index des glossaires
fr_FRFR
Retour en haut