Title of invention: GRANTING LEAST PRIVILEGE ACCESS FOR COMPUTING PROCESSES
Abstract: Embodiments provide a security infrastructure that may be configured to run on top of an existing operating system to control what resources can be accessed by applications and what APIs an application can call. Security decisions are made by taking into account both the current thread's identity and the current thread's call chain context to enable minimal privilege by default. The current thread context is captured and a copy of it is created to be used to perform security checks asynchronously. Every thread in the system has an associated identity. To obtain access to a particular resource, all the callers on the current thread are analyzed to make sure that each caller and thread has access to that resource. Only when each caller and thread has access to that resource is the caller given access to that resource.
Publication number: WO2009158405(A2) Publication date: 2009.12.30
Application number: WO2009US48461 Filing date: 2009.06.24
Applicant: MICROSOFT CORPORATION Inventors: COLES, NEIL, LAURENCE;SHELL, SCOTT RANDALL;SANDADI, UPENDER REDDY;VALS, ANGELO RENATO;LYONS, MATTHEW, G.;JORDAN, CHRISTOPHER ROSS;ROGERS, ANDREW;GOPALAN, YADHU;HSIEH, BOR-MING
Classification numbers: G06F21/00;G06F15/16;G06F17/00;H04L9/32 Main classification number: G06F21/00
Agency: Agent:
Principal claim:
Address: