Least privilege via restricted tokens

US 6,308,274 B1
Filed: 06/12/1998
Issued: 10/23/2001
Est. Priority Date: 06/12/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a system having a security mechanism that determines access to resources based on information in an access token against security information associated with each of the resources, a method of restricting the access of an application to system resources, comprising, storing restriction information with respect to the application, the restriction information related to access of the application to the resources, receiving a request to run the application, creating a restricted access token based on the parent token and the restriction information, the restricted access token providing reduced access with respect to a parent access token, and associating the restricted token with the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application'"'"'s access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application. Also, the system may enforce running with reduced access by running user processes with a restricted token, and then requiring a definite action by the user to specifically override actions that are restricted by temporarily running with the user'"'"'s normal token.

352 Citations

43 Claims

1. In a system having a security mechanism that determines access to resources based on information in an access token against security information associated with each of the resources, a method of restricting the access of an application to system resources, comprising, storing restriction information with respect to the application, the restriction information related to access of the application to the resources, receiving a request to run the application, creating a restricted access token based on the parent token and the restriction information, the restricted access token providing reduced access with respect to a parent access token, and associating the restricted token with the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising running the application, and attempting to access the system resources using the restricted token as the access token of the application.
  - 3. The method of claim 1 wherein storing restriction information with respect to the application includes identifying at least one file to which the application has access.
  - 4. The method of claim 3 wherein storing restriction information with respect to the application includes limiting the application to one file.
  - 5. The method of claim 1 wherein storing restriction information with respect to the application includes identifying at least one other application that the application may launch.
  - 6. The method of claim 1 wherein creating a restricted access token includes, copying access information from the parent token into the restricted token, and adding at least one restricted security identifier to the restricted token.
  - 7. The method of claim 6 wherein adding at least one restricted security identifier to the restricted token includes adding a restricted security identifier corresponding to the application.
  - 8. The method of claim 1 wherein creating a restricted access token includes copying access information from the parent token into the restricted token, and removing at least one privilege from the restricted token relative to the parent token.
  - 9. The method of claim 1 wherein creating a restricted access token from the parent token includes changing attribute information of a security identifier in the restricted token to use for deny only access via that security identifier, relative to attribute information of a corresponding security identifier in the parent token.
  - 10. The method of claim 9 wherein separating at least some of the functions of an application into at least two groups includes, separating the functions into privileged and non-privileged portions, wherein associating the restricted token with at least one of the groups includes associating the restricted token with the non-privileged portion, and further comprising associating the parent token with the privileged portion.
  - 11. A computer-readable medium having computer-executable instructions for performing the method of claim 1.

12. In a system having a security mechanism that determines access of processes to resources based on information in an access token associated with each of the processes against security information associated with each of the resources, a method of restricting the access of an application'"'"'s functions to system resources, comprising, separating at least some of the functions of an application into at least two groups, creating an access token for each group, at least one of the access tokens being a restricted token having reduced access relative to a parent token, and associating the restricted token with at least one of the groups of functions.
- View Dependent Claims (13, 24)
- - 13. A computer-readable medium having computer-executable instructions for performing the method of claim 12.
  - 24. A computer-readable medium having computer-executable instructions for performing the method of claim 12.

14. In a system having a security mechanism that grants or denies a process access to a resource by comparing information in an access token associated with the process against information in an access control list associated with the resource, a method of attempting to access the resource, comprising, creating a restricted access token from a parent token, the restricted token having less access than the parent token, receiving a request to grant the process access to the resource, attempting to access the resource with the restricted token, and if access is denied, attempting to access the resource with the parent token.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14 wherein attempting to access the resource with the parent token includes receiving a response from a user of the system.
  - 16. The method of claim 15 further comprising prompting the user for the response.
  - 17. The method of claim 14 wherein the parent token has a higher parent token with increased access relative thereto, and wherein attempting to access the resource with the parent token further includes attempting to access the resource with the higher parent token if the system denies access to the parent token.
  - 18. The method of claim 14 wherein creating a restricted access token from a parent token includes removing at least one privilege from the restricted token relative to the parent token.
  - 19. The method of claim 14 wherein creating a restricted access token from a parent token includes changing attribute information of a security identifier in the restricted token to use for deny only access via that security identifier, relative to attribute information of a corresponding security identifier in the parent token.
  - 20. The method of claim 14 wherein the parent token is a normal token, and wherein creating a restricted access token from a parent token includes adding a restricted security identifier to the restricted token relative to the parent token.
  - 21. The method of claim 14 wherein the parent token is a restricted token having at least one restricted security identifier therein, and wherein creating a restricted access token from a parent token includes removing at least one restricted security identifier from the restricted token relative to the parent token.
  - 22. The method of claim 14 wherein attempting to access the resource with the restricted token includes associating the process with the restricted token.
  - 23. The method of claim 14 wherein attempting to access the resource with the parent token includes associating the process with the parent token.

25. A system, comprising,a set of resources, each resource having security information associated therewith;
- a set of restriction information associated with a requesting entity and related to access of the requesting entity to the resources;
  
  a mechanism configured to create a restricted access token from a parent access token and the set of restriction information, and to associate the restricted access token with a process of the requesting entity, the restricted access token having reduced access relative to the parent access token; and
  
  a security mechanism configured to determine access of the process to a resource in the set of resources based on information in the restricted access token against the security information associated with that resource.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The system of claim 25 wherein the requesting entity comprises an application program.
  - 27. The system of claim 25 wherein the mechanism configured to create the restricted access token comprises a program launcher.
  - 28. The system of claim 25 wherein the security mechanism is incorporated into an operating system.
  - 29. The system of claim 25 wherein the restriction information identifies at least one file.

30. A system, comprising,a set of resources, each resource having security information associated therewith;
- a set of access tokens including a parent access token and at least one restricted access token created from the parent access token and having reduced access relative to the parent access token;
  
  a requesting entity;
  
  a mechanism configured to determine a selected access token from the set of access tokens based on an operating mode of the requesting entity and a process corresponding to the operating mode, and to associate the selected access token with the process; and
  
  a security mechanism configured to determine access of the process to a resource in the set of resources based on information in the selected access token against the security information associated with that resource.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The system of claim 30 wherein the requesting entity comprises an application program.
  - 32. The system of claim 31 wherein the application program includes a plurality of operating modes, each operating mode having at least one application function corresponding thereto.
  - 33. The system of claim 30 wherein the mechanism configured to determine the selected access token comprises a program launcher that evaluates restriction information associated with the requesting entity.
  - 34. The system of claim 30 wherein the mechanism configured to determine the selected access token determines as the selected access token a first restricted access token on a first attempt to access the resource, and determines as the selected access token a second access token on a second attempt to access the resource.
  - 35. The system of claim 34 wherein the second access token comprises the parent access token.
  - 36. The system of claim 30 wherein the security mechanism is incorporated into an operating system.

37. A computer-implemented method, comprising,selecting a selected access token from a set of access tokens, the set of access tokens including a parent access token and at least one restricted access token created from the parent access token and having reduced access relative to the parent access token;
- associating the selected access token with a process of an requesting entity, the requesting entity capable of requesting access to a set of resources; and
  
  providing the selected access token to a security mechanism upon a request by the requesting entity for access to a resource of the set, the security mechanism determining access of the process to the resource based on the selected access token and security information associated with the resource.
- View Dependent Claims (38, 39, 40, 41, 42, 43)
- - 38. The method of claim 37 wherein selecting a selected access token includes determining an operating mode of the requesting entity.
  - 39. The method of claim 37 wherein selecting a selected access token includes determining a function to be executed by the requesting entity.
  - 40. The method of claim 37 further comprising creating a restricted access token based on restriction information associated with the requesting entity.
  - 41. The method of claim 37 wherein selecting a selected access token includes determining that a previously selected access token has been denied access to the resource.
  - 42. The method of claim 37 wherein selecting a selected access token includes determining that a previously selected access token. has been denied access to the resource, and receiving a request to attempt access with another access token.
  - 43. A computer-readable medium having computer-executable instructions for performing the method of claim 37.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Swift, Michael M.
Primary Examiner(s)
Lee, Thomas
Assistant Examiner(s)
SCHUSTER, KATHARINA W

Application Number

US09/096,679
Time in Patent Office

1,229 Days
Field of Search

713/200, 713/201, 713/169, 713/170, 713/172, 713/173, 713/159, 710/240, 710/200, 710/220, 710/241, 710/242, 710/243, 710/244
US Class Current

726/9
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

Least privilege via restricted tokens

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

352 Citations

43 Claims

Specification

Use Cases

Quick Links

Others

Least privilege via restricted tokens

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

352 Citations

43 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others