Privilege escalation is a common term in the security industry.
Let's illustrate what it means with an example.
Imagine having a key to your house and you give it temporarily to a plumber, so that they can fix something while you are on vacation.
Your intent is to give the plumber temporary access to your house. But the plumber visits a locksmith and makes a copy of the key, evading the restriction that the access was supposed to last only for a limited timeframe.
The same concept applies to software security. It is particularly relevant in cloud security whenever you grant some service access to your cloud account (e.g. temporary access by letting it assume an IAM role within your AWS account).
If that access is limited to reading and using existing resources, but not to creating new ones, everything is fine and security works as intended. But if the limited access also allows the service to create new IAM roles or users, attach policies to them, or set their trust policies (essentially cutting new keys at the locksmith), the service can mint itself a long-lived path back into your account and access your cloud resources after the intended access has expired or been revoked. That is privilege escalation. The practical check is therefore not only "what can this role do right now?" but "can this role grant itself or anyone else more permissions or new credentials?"
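The following is an added example, not code from the original post: a small Python checker that scans an IAM policy document for actions that let the holder create new principals, credentials or permissions, i.e. the "copy the key" capability described above. The list of escalation-capable actions is an illustrative subset chosen for this example (the real set is larger and AWS-documented elsewhere), and the three policy documents are constructed sample inputs. The checker deliberately ignores Deny statements and conditions, so it over-reports rather than under-reports.

```python
import fnmatch
import json

# Illustrative subset of IAM actions that let a principal mint new principals
# or credentials, or grant permissions. This is an assumption for the example,
# not an exhaustive catalogue of privilege-escalation-capable actions.
ESCALATION_ACTIONS = {
    "iam:CreateRole",
    "iam:CreateUser",
    "iam:CreateAccessKey",
    "iam:CreateLoginProfile",
    "iam:AttachRolePolicy",
    "iam:AttachUserPolicy",
    "iam:PutRolePolicy",
    "iam:PutUserPolicy",
    "iam:UpdateAssumeRolePolicy",
    "iam:PassRole",
}


def _as_list(value):
    """IAM allows Statement/Action to be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_action_patterns(policy):
    """Collect every action pattern granted by an Allow statement.

    Deny statements and Condition blocks are intentionally not evaluated, so the
    result is a conservative (over-reporting) view of what the policy may grant.
    """
    patterns = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        patterns.update(_as_list(stmt.get("Action")))
    return patterns


def escalation_paths(policy):
    """Return the sorted list of escalation-capable actions the policy grants.

    Wildcards such as "iam:*" or "*" are expanded against ESCALATION_ACTIONS.
    Matching is case-insensitive because IAM action names are case-insensitive.
    """
    hits = set()
    for pattern in allowed_action_patterns(policy):
        for action in ESCALATION_ACTIONS:
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                hits.add(action)
    return sorted(hits)


def escalation_paths_from_json(policy_json):
    """Convenience wrapper for a policy document given as a JSON string."""
    return escalation_paths(json.loads(policy_json))


# Constructed sample policies (not taken from any real account).
# Scoped correctly: the service can read objects and list roles, nothing more.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*"},
    ],
}

# Looks harmless, but lets the service create a role, give it permissions and
# hand it to another service: the "copy of the key" from the analogy.
OVER_PRIVILEGED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PassRole"], "Resource": "*"},
    ],
}

# A wildcard grant that hides every escalation path behind one pattern.
WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
}


if __name__ == "__main__":
    for name, policy in [("read-only", READ_ONLY_POLICY),
                         ("over-privileged", OVER_PRIVILEGED_POLICY),
                         ("wildcard", WILDCARD_POLICY)]:
        paths = escalation_paths(policy)
        verdict = "OK" if not paths else "ESCALATION RISK"
        print(f"{name:16s} {verdict}: {', '.join(paths) or 'none'}")
```

Run it as a script to see the three verdicts, or call `escalation_paths` on a policy you fetched with the AWS CLI (`aws iam get-policy-version`). A clean result from this checker is necessary but not sufficient: a role can still reach the same outcome indirectly, for example through a service that can itself write IAM policies, so treat the output as a first filter rather than a proof of least privilege.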