Security relevancy analysis on the registry of Windows NT 4.0

Many security breaches are caused by inappropriate inputs, crafted by people with malicious intents. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we certainly do not want to put such a constraint on every input; instead, we only want to restrict the access to the security-relevant inputs. This paper investigates how to identify which inputs are relevant to system security. We formulate the problem as a security relevancy problem and deploy static analysis technique to identify security-relevant inputs. Our approach is based on the dependency analysis technique; it identifies whether the behavior of any security-critical action depends on a certain input. If such a dependency relationship exists, we say that the input is security-relevant, otherwise we say the input is security-nonrelevant. This technique is applied to a security analysis project initiated by the Microsoft Windows NT Security Group. The project is intended to identify security-relevant registry keys in the Windows NT operating system. The results from this approach proved useful to enhancing Windows NT security. Our experiences and results from this project are presented in this paper.