Abstract

An operating system (110) is arranged to provide system services to an application (102) requesting them, the services being selected from a predetermined system service group. The operating system comprises main memory allocation logic (128), mass memory allocation logic (122, 126), an application interface (112), via which the application program (102) can request system services from the operating system, and application installation and execution logic for installing the application (102) and for specifying its identifier. To prevent malicious programs, the inventive operating system comprises, instead of or in addition to a conventional user privilege administrator (114), an application privilege administrator (116) responsive to a request for a system service transmitted by the application (102) over the application interface (112). The application privilege administrator is arranged to administer the privilege group of the application (102, 20, 30) such that it includes the right to use a subgroup of said system service group.
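The following added sketch (not code from the patent) models the "in addition to" variant described above: a request passes the application interface only if both the user privilege administrator and the application privilege administrator permit it. The class names, method names and service names are assumptions made for illustration.

```python
from itertools import count

# Predetermined system service group; the service names are constructed for this sketch.
SYSTEM_SERVICES = frozenset(
    {"alloc_main_memory", "read_mass_memory", "write_mass_memory", "send_network"}
)

class UserPrivilegeAdministrator:
    """Conventional check: which services the requesting user may use."""
    def __init__(self, user_rights):
        self._rights = {u: frozenset(s) for u, s in user_rights.items()}

    def permits(self, user, service):
        return service in self._rights.get(user, frozenset())

class ApplicationPrivilegeAdministrator:
    """Holds one privilege group per installed application identifier."""
    def __init__(self):
        self._groups = {}
        self._next_id = count(1)

    def install(self, services):
        group = frozenset(services)
        if not group <= SYSTEM_SERVICES:
            raise ValueError(f"not system services: {sorted(group - SYSTEM_SERVICES)}")
        app_id = next(self._next_id)  # identifier specified at installation
        self._groups[app_id] = group  # a subgroup of the system service group
        return app_id

    def permits(self, app_id, service):
        # Unknown identifiers hold an empty privilege group: deny by default.
        return service in self._groups.get(app_id, frozenset())

class ApplicationInterface:
    """Single entry point through which applications request system services."""
    def __init__(self, users, apps):
        self.users, self.apps, self.audit = users, apps, []

    def request(self, user, app_id, service):
        if service not in SYSTEM_SERVICES:
            raise ValueError(f"unknown system service: {service}")
        allowed = self.users.permits(user, service) and self.apps.permits(app_id, service)
        self.audit.append((user, app_id, service, allowed))  # denied requests are recorded too
        return allowed
```

Because the application check is independent of the user check, a program run by a fully privileged user is still confined to the subgroup granted at installation.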