Least privilege via restricted tokens
First Claim
1. In a system having a security mechanism that determines access to resources based on information in an access token against security information associated with each of the resources, a method of restricting the access of an application to system resources, comprising, storing restriction information with respect to the application, the restriction information related to access of the application to the resources, receiving a request to run the application, creating a restricted access token based on the parent token and the restriction information, the restricted access token providing reduced access with respect to a parent access token, and associating the restricted token with the application.
Abstract
A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application's access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application. Also, the system may enforce running with reduced access by running user processes with a restricted token, and then requiring a definite action by the user to specifically override actions that are restricted by temporarily running with the user's normal token.
43 Claims
- 12. In a system having a security mechanism that determines access of processes to resources based on information in an access token associated with each of the processes against security information associated with each of the resources, a method of restricting the access of an application's functions to system resources, comprising, separating at least some of the functions of an application into at least two groups, creating an access token for each group, at least one of the access tokens being a restricted token having reduced access relative to a parent token, and associating the restricted token with at least one of the groups of functions.
- 14. In a system having a security mechanism that grants or denies a process access to a resource by comparing information in an access token associated with the process against information in an access control list associated with the resource, a method of attempting to access the resource, comprising, creating a restricted access token from a parent token, the restricted token having less access than the parent token, receiving a request to grant the process access to the resource, attempting to access the resource with the restricted token, and if access is denied, attempting to access the resource with the parent token.
- 25. A system, comprising,
  a set of resources, each resource having security information associated therewith;
  a set of restriction information associated with a requesting entity and related to access of the requesting entity to the resources;
  a mechanism configured to create a restricted access token from a parent access token and the set of restriction information, and to associate the restricted access token with a process of the requesting entity, the restricted access token having reduced access relative to the parent access token; and
  a security mechanism configured to determine access of the process to a resource in the set of resources based on information in the restricted access token against the security information associated with that resource.
- 30. A system, comprising,
  a set of resources, each resource having security information associated therewith;
  a set of access tokens including a parent access token and at least one restricted access token created from the parent access token and having reduced access relative to the parent access token;
  a requesting entity;
  a mechanism configured to determine a selected access token from the set of access tokens based on an operating mode of the requesting entity and a process corresponding to the operating mode, and to associate the selected access token with the process; and
  a security mechanism configured to determine access of the process to a resource in the set of resources based on information in the selected access token against the security information associated with that resource.
- 37. A computer-implemented method, comprising,
  selecting a selected access token from a set of access tokens, the set of access tokens including a parent access token and at least one restricted access token created from the parent access token and having reduced access relative to the parent access token;
  associating the selected access token with a process of a requesting entity, the requesting entity capable of requesting access to a set of resources; and
  providing the selected access token to a security mechanism upon a request by the requesting entity for access to a resource of the set, the security mechanism determining access of the process to the resource based on the selected access token and security information associated with the resource.
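The mechanism in the abstract and in claims 1 and 14, as an added toy model that is not part of the patent or of any operating system's code: a restricted token is derived from a parent token, the resource's ordered ACL is evaluated against it, and the parent token is consulted only after an explicit user override. Group names, access bits and the choice to keep disabled groups as deny-only entries are constructed for the example.

```python
from dataclasses import dataclass

READ, WRITE = 1, 2  # access-mask bits (constructed for the example)

@dataclass(frozen=True)
class Token:
    user: str
    groups: frozenset                    # enabled group SIDs (constructed names)
    deny_only: frozenset = frozenset()   # groups that may only match deny ACEs

@dataclass
class Resource:
    name: str
    acl: list   # ordered ACEs: (kind, sid, mask), kind in {"allow", "deny"}

def create_restricted_token(parent, disable_groups):
    """Derive a token with reduced access (claim 1). A disabled group is kept as
    deny-only (modelling assumption): it still matches deny ACEs but never grants
    anything, so the child can never obtain more than the parent."""
    disabled = frozenset(disable_groups) & parent.groups
    return Token(parent.user, parent.groups - disabled, parent.deny_only | disabled)

def access_check(token, resource, wanted):
    """Compare token information against the resource's security information
    (abstract): a matching deny ACE covering any wanted bit denies outright;
    allow ACEs from enabled SIDs accumulate until every wanted bit is granted."""
    enabled = token.groups | {token.user}
    matchable = enabled | token.deny_only
    granted = 0
    for kind, sid, mask in resource.acl:
        if kind == "deny" and sid in matchable and mask & wanted:
            return False
        if kind == "allow" and sid in enabled:
            granted |= mask
            if (granted & wanted) == wanted:
                return True
    return False

def open_resource(restricted, parent, resource, wanted, user_override=False):
    """Claim 14 with the abstract's safeguard: try the restricted token first and
    fall back to the parent token only after a definite action by the user."""
    if access_check(restricted, resource, wanted):
        return "restricted"
    if user_override and access_check(parent, resource, wanted):
        return "parent"
    return "denied"

# Constructed sample: a parent token, a restricted child without "Admins",
# and two resources whose ACLs show both the fallback and the deny-only bound.
PARENT = Token("alice", frozenset({"Users", "Admins"}))
CHILD = create_restricted_token(PARENT, ["Admins"])
CONFIG = Resource("config", [("allow", "Users", READ), ("allow", "Admins", READ | WRITE)])
LOGS = Resource("logs", [("deny", "Admins", WRITE), ("allow", "Users", READ | WRITE)])
```

Writing `config` needs the override to reach the parent token, while writing `logs` stays denied for the child even with the override, because the disabled "Admins" group still matches the deny ACE.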
Specification