PROCESS CONTROL SOFTWARE SECURITY ARCHITECTURE BASED ON LEAST PRIVILEGES
Abstract
A process control system software security architecture that is more effective at preventing zero-day and other types of malware attacks applies "least privileges" when executing the applications and services that run within a computer device. The least-privileges architecture separates "service" processes from desktop applications that run on behalf of a logged-on user by partitioning the global namespace of the software system into service namespaces and logged-on-user namespaces, and by strictly controlling communication between the applications and services in these different namespaces through interprocess communications. Moreover, the architecture uses custom accounts to ensure that each service process runs with the least set of privileges needed to perform its function, regardless of the privileges of the calling application or user.
70 Claims
1. A computer device including:
a processor; and an operating system that executes on the processor according to configuration data to implement service processes, wherein the configuration data causes each of the service processes to be assigned to one of a plurality of custom service accounts that each have a preset set of operating system privileges associated therewith, wherein the preset set of operating system privileges for each of the plurality of custom service accounts is defined based on the privileges needed by the services that are assigned to the custom service account, and wherein the custom service accounts do not have interactive logon privileges.
Dependent claims: 2 to 17.

18. A computer device comprising:
a processor; a communications port; a local memory storage unit; and an operating system that executes on the processor according to configuration data to implement service processes including a service process that is capable of communicating with the communications port, wherein the service process that is capable of communicating with the communications port does not have the privilege to write to the local memory storage unit.
Dependent claims: 19 to 30.

31. A computer device including:
a processor; an external media port; a local memory storage unit; and an operating system that executes on the processor according to configuration data to implement service processes including a service process that is capable of communicating with a removable memory device via the external media port, wherein the service process that is capable of communicating with a removable memory device via the external media port does not have the privilege to write to the local memory storage unit.
Dependent claims: 32 to 39.

40. A computer device including:
a processor; an external media port; a communications port; and an operating system that executes on the processor according to configuration data to implement service processes including a service process that is capable of communicating with a removable memory device via the external media port, wherein the service process that is capable of communicating with a removable memory device via the external media port does not have the privilege to access the communications port.
Dependent claims: 41 to 44.

45. A computer device including:
a processor; and an operating system that executes on the processor according to configuration data to implement service processes and one or more desktop processes, wherein the operating system enforces a service namespace that is separate from a desktop namespace and operates to execute the service processes in the service namespace and the one or more desktop applications in the desktop namespace that is separate from the service namespace, and wherein all processes implemented in the service namespace must communicate with processes in the desktop namespace via interprocess communications.
Dependent claims: 46 to 57.

58. A computer device including:
a processor; and an operating system that executes on the processor according to configuration data to implement service processes and one or more desktop processes, wherein the operating system enforces operating system privileges for the service processes based on the custom service accounts to which each service process is assigned, regardless of the process that calls the service process, wherein the operating system enforces operating system privileges for each of the one or more desktop applications using a standard set of operating system privileges defined for the desktop applications, regardless of which of a set of user accounts calls the desktop application, and wherein a sending desktop application sends a message to a recipient process such that the message includes a user identity that identifies a user of the desktop application, wherein the user identity flows with the message as the message is processed by each of a number of different service processes as the message is relayed from the sending desktop application to the receiving process.
Dependent claims: 59 to 70.

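As an added illustration, not part of the patent or of any product it covers, the following Python model encodes the privilege rules of claims 1, 18, 31, 40 and 58 as a small policy check. Account names, service names and privilege labels are hypothetical; the point it demonstrates is that a service's access is decided by its own custom account and never by the identity of the calling user, while that identity still travels with each relayed message.

```python
from dataclasses import dataclass, field

# Privilege labels used by this model (constructed for the illustration).
WRITE_LOCAL, COMM_PORT, MEDIA_PORT, LOGON = "write_local", "comm_port", "media_port", "interactive_logon"

# Custom service accounts, each with a preset privilege set (claim 1). Names are hypothetical.
SERVICE_ACCOUNTS = {
    "svc_network": {COMM_PORT},      # reaches the communications port, cannot write local storage (claim 18)
    "svc_media": {MEDIA_PORT},       # reads removable media, no storage write and no comm port (claims 31, 40)
    "svc_historian": {WRITE_LOCAL},  # writes local storage, no port access at all
}
# Each service process is bound to exactly one custom service account.
SERVICES = {"net_gateway": "svc_network", "media_reader": "svc_media", "historian": "svc_historian"}

def validate_accounts(accounts=SERVICE_ACCOUNTS):
    """Return the claim invariants an account table violates (an empty list means it passes)."""
    rules = [
        (lambda p: LOGON in p, "service accounts must not hold interactive logon (claim 1)"),
        (lambda p: COMM_PORT in p and WRITE_LOCAL in p, "comm-port service may not write local storage (claim 18)"),
        (lambda p: MEDIA_PORT in p and WRITE_LOCAL in p, "media service may not write local storage (claim 31)"),
        (lambda p: MEDIA_PORT in p and COMM_PORT in p, "media service may not access the comm port (claim 40)"),
    ]
    return [f"{name}: {msg}" for name, privs in accounts.items() for test, msg in rules if test(privs)]

def service_allowed(service, privilege, caller_user=None):
    """Decide a service's access from its own account only; caller_user is deliberately ignored (claim 58)."""
    return privilege in SERVICE_ACCOUNTS[SERVICES[service]]

@dataclass
class Message:
    """IPC message crossing the desktop/service namespace boundary (claims 45 and 58)."""
    user: str                                 # identity of the logged-on user who originated it
    payload: str
    hops: list = field(default_factory=list)  # service processes that relayed it

def relay(message, chain):
    """Relay a desktop-originated message through a chain of services; the user identity is never rewritten."""
    for svc in chain:
        if svc not in SERVICES:
            raise KeyError(f"unknown service process {svc}")
        message.hops.append(svc)
    return message

if __name__ == "__main__":
    print("account table problems:", validate_accounts())
    # Same answer for a privileged and an unprivileged desktop user: the caller does not elevate the service.
    for user in ("plant_admin", "operator"):
        print(user, service_allowed("net_gateway", WRITE_LOCAL, caller_user=user))
    m = relay(Message("operator", "setpoint=42"), ["net_gateway", "historian"])
    print(m.user, m.hops)
```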
Specification