PRIVILEGE ESCALATION PROTECTION
Abstract
Techniques for privilege escalation protection are disclosed. In some embodiments, a system/process/computer program product for privilege escalation protection includes monitoring a process executed on a computing device, detecting an unauthorized change in a token value associated with the process, and performing an action based on a policy (e.g., a kernel protection security policy/rule(s), which can include a whitelisted set of processes and/or configured actions/responses to perform for other/non-whitelisted processes) in response to an unauthorized change in the token value associated with the process.
20 Claims
1. A system, comprising:
- a processor configured to:
  - monitor a process executed on a computing device;
  - detect an unauthorized change in a token value associated with the process; and
  - perform an action based on a policy in response to the unauthorized change in the token value associated with the process; and
- a memory coupled to the processor and configured to provide the processor with instructions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method, comprising:
- monitoring a process executed on a computing device;
- detecting an unauthorized change in a token value associated with the process; and
- performing an action based on a policy in response to the unauthorized change in the token value associated with the process.

Dependent claims: 12, 13, 14, 15, 16, 17

18. A computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
- monitoring a process executed on a computing device;
- detecting an unauthorized change in a token value associated with the process; and
- performing an action based on a policy in response to the unauthorized change in the token value associated with the process.

Dependent claims: 19, 20

Specification