Enhancing computer system security via multiple user desktops
Abstract
Users can create multiple different desktops for themselves and easily switch between these desktops. These multiple desktops are “walled off” from one another, limiting the ability of processes and other subjects in one desktop from accessing objects, such as data files or other processes, in another desktop. According to one aspect, each time a process is launched it is associated with the desktop that it is launched in. Similarly, objects, such as data files or resources, are associated with the same desktop as the process that created them. The operating system allows a process to access only those objects that are either associated with the same desktop as the process or associated with no desktop.
Claims (41 claims; 135 citations)
1. One or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to perform functions including:

maintaining a plurality of desktops corresponding to a user; associating each of a plurality of objects with at least one of the plurality of desktops; associating each of a plurality of processes with at least one of the plurality of desktops; and allowing each of the plurality of processes to access an object of the plurality of objects only if a security descriptor for the object has a desktop identifier that is the same as a desktop identifier in an access token for the process, the security descriptor including the desktop identifier, an owner identifier that identifies the process that created the object, and an access control list.

(Dependent claims 2-14 are not reproduced here.)
15. A method comprising:

maintaining a record of a plurality of desktops corresponding to a user and, for each of the plurality of desktops, a set of objects that corresponds to the desktop; and for each of a plurality of subjects: checking whether an object to be accessed by the subject is confined to one of the plurality of desktops, and if the object is confined to one of the plurality of desktops, then checking whether the object corresponds to the same desktop as the subject based on a desktop identifier that identifies the desktop that corresponds to the object and that is included in a security descriptor for the object along with an owner identifier that identifies the owner of the object and an access control list for the object, and allowing the subject to access the object only if the object corresponds to the same desktop as the subject.

(Dependent claims 16-22 are not reproduced here.)
23. A method comprising:

allowing a plurality of processes to be launched from a plurality of desktops; identifying, when a user logs on to a computer, the plurality of desktops corresponding to the user; and for each process of the plurality of processes, checking whether the process is associated with the one of the plurality of desktops that the process was launched from, preventing the process from accessing an object if the object is associated with one of the plurality of desktops but is not associated with the desktop the process was launched from, and comparing an access token of the process with an access control list of a security descriptor of the object only if the process is not associated with any of the plurality of desktops or if the process is associated with the one of the plurality of desktops that the process was launched from.

(Dependent claims 24-26 are not reproduced here.)
27. An apparatus comprising:

a bus; a processor coupled to the bus; and a memory, coupled to the bus, to store a plurality of instructions that are executed by the processor, wherein the plurality of instructions, when executed, cause the processor to: identify which of a plurality of objects are associated with which of a plurality of desktops; identify which of a plurality of processes are associated with which of the plurality of desktops; and restrict, based on desktop identifiers of the plurality of processes and desktop identifiers of the plurality of objects, the plurality of processes to accessing only objects which are either associated with the same desktop as the process or associated with no desktop, the desktop identifiers of the plurality of objects being included in security descriptors for the plurality of objects along with owner identifiers that identify owners of the plurality of objects and access control lists of the objects.

(Dependent claims 28-31 are not reproduced here.)
32. A computer-readable storage medium comprising computer-executable instructions that implement an interface method, the interface method performing a function comprising:

checking which of a plurality of desktops corresponding to a user is associated with an identified object, the checking being based at least in part on a desktop identifier included in a security descriptor of the identified object along with an owner identifier of the object and an access control list of the object.

(Dependent claims 33-35 are not reproduced here.)
36. In a computer system having a graphical user interface including a display and a user interface selection device, a method comprising:

limiting access to a plurality of objects in the computer system based on desktop identifiers of the plurality of objects, the desktop identifiers being included in security descriptors of the plurality of objects along with owner identifiers that identify owners of the plurality of objects and access control lists of the objects; displaying a set of desktops corresponding to a user; receiving a selection of one of the set of desktops from the user; and changing the access to the plurality of objects based on the selected desktop.
37. One or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to:

maintain a record of a plurality of desktops corresponding to a user and, for each of the plurality of desktops, a set of objects that corresponds to the desktop; and for each of a plurality of subjects: check whether an object to be accessed by the subject is confined to one of the plurality of desktops, and if the object is confined to one of the plurality of desktops, then check whether the object corresponds to the same desktop as the subject based on a desktop identifier that identifies the desktop that corresponds to the object and that is included in a security descriptor for the object along with an owner identifier that identifies the owner of the object and an access control list for the object, and allow the subject to access the object only if the object corresponds to the same desktop as the subject.

(Dependent claims 38-41 are not reproduced here.)
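The abstract and claims 1, 15 and 23 describe one access-check ordering: the security descriptor of every object carries a desktop identifier next to its owner and its access control list, the access token of every process carries the desktop it was launched in, and the ACL is only consulted once the desktop gate has passed (a confined object is reachable only from its own desktop; an unconfined object is reachable from any desktop). The following is an added reference-monitor model of that ordering, written for this page; it is not the patent's code and not Windows' real SeAccessCheck. The SID value, the desktop names, the process-id allocator and the first-match ACL walk are constructed assumptions.

```python
"""Model of the desktop-confinement check from the abstract and claims 1, 15
and 23.  Constructed example; not the patent's or any operating system's code."""
from dataclasses import dataclass
from itertools import count
from typing import FrozenSet, List, Optional, Tuple

READ, WRITE = "read", "write"
_pids = count(100)  # constructed process-id allocator


@dataclass(frozen=True)
class AccessToken:
    sid: str                    # user security identifier (constructed format)
    desktop_id: Optional[str]   # desktop the process was launched in; None = unconfined


@dataclass(frozen=True)
class Ace:
    sid: str
    allow: bool
    rights: FrozenSet[str]


@dataclass
class SecurityDescriptor:
    owner_pid: int              # process that created the object (claim 1)
    desktop_id: Optional[str]   # desktop the object is confined to; None = any desktop
    acl: List[Ace]              # ordered access control list


@dataclass(frozen=True)
class Process:
    pid: int
    token: AccessToken


def launch(sid: str, desktop_id: Optional[str]) -> Process:
    """A newly launched process is associated with the desktop it is launched in."""
    return Process(next(_pids), AccessToken(sid, desktop_id))


def create_object(creator: Process, acl: List[Ace]) -> SecurityDescriptor:
    """Objects inherit the creating process as owner and that process's desktop,
    so the desktop identifier sits in the descriptor beside owner and ACL."""
    return SecurityDescriptor(creator.pid, creator.token.desktop_id, list(acl))


def acl_grants(token: AccessToken, acl: List[Ace], right: str) -> bool:
    """Simplified first-match ACL walk: the first ACE naming the token's SID
    and the requested right decides; no matching ACE means deny."""
    for ace in acl:
        if ace.sid == token.sid and right in ace.rights:
            return ace.allow
    return False


def access_check(proc: Process, sd: SecurityDescriptor, right: str) -> Tuple[bool, str]:
    """Desktop gate first, ACL second.  Returns (granted, reason) so a caller
    can log which stage denied the request."""
    if sd.desktop_id is not None and sd.desktop_id != proc.token.desktop_id:
        # Object is confined to a desktop the process is not in (claims 15/23).
        # A process with no desktop (None) also fails here, as claim 15 requires
        # the object to correspond to the same desktop as the subject.
        return False, "desktop mismatch"
    # Unconfined object, or same desktop: now the token is compared with the ACL.
    if acl_grants(proc.token, sd.acl, right):
        return True, "acl allow"
    return False, "acl deny"


def demo() -> dict:
    """Exercise the gate from several desktops with one user SID (constructed)."""
    user = "S-1-5-21-EXAMPLE-1001"
    acl = [Ace(user, True, frozenset({READ})), Ace(user, False, frozenset({WRITE}))]
    work = launch(user, "work")
    personal = launch(user, "personal")
    unconfined_proc = launch(user, None)
    report = create_object(work, acl)               # confined to "work"
    shared = SecurityDescriptor(0, None, acl)        # object bound to no desktop
    return {
        "same_desktop_read": access_check(work, report, READ),
        "same_desktop_write": access_check(work, report, WRITE),
        "other_desktop_read": access_check(personal, report, READ),
        "unconfined_proc_read": access_check(unconfined_proc, report, READ),
        "shared_from_personal": access_check(personal, shared, READ),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22s} -> {'ALLOW' if ok else 'DENY':5s} ({why})")
```

The point the model makes visible is that the same user SID, with an ACL that would grant read, is still refused from a different desktop: the desktop identifier is checked before, and independently of, the ACL, so a mistake in an ACL cannot leak an object across desktops, and a desktop switch (claim 36) changes what is reachable without rewriting any ACL.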