Title of Invention |
METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO RESOURCES AND PRIVILEGES PER PROCESS |
Abstract |
To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process. |
Application Publication Number |
US2015047025(A1) |
Application Publication Date |
2015.02.12 |
Application Number |
US201414522540 |
Filing Date |
2014.10.23 |
Applicant |
BEYONDTRUST SOFTWARE, INC. |
Inventors |
Beauregard Peter David;Kolishchak Andrey;Jennings Shannon E.;Hogan Robert F. |
Classification Number |
G06F21/62;G06F21/31 |
Main Classification Number |
G06F21/62 |
Agency |
|
Agent |
|
Main Claim |
1. A method comprising:
detecting execution of a command to execute a process; determining, before execution of the process, if one or more rules apply to the process based on one or more criteria; modifying, in accordance with the one or more applicable rules, a process token of the process to change at least one of a permission, a privilege, or an integrity level with which to execute the process; accessing the modified process token of the process to determine the at least one of the permission, the privilege, or the integrity level with which to execute the process; executing the process using the modified process token; and allowing access to an object based, at least in part, on the execution of the process. |
Address |
Phoenix AZ US |