Managed control of processes including privilege escalation
Abstract
Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.
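As an added illustration (not code from the patent or its assignee), the decision flow the abstract describes can be sketched as a policy service that resolves an execution role from configuration data and bounds any later modification request by the determined rights. The class, function and role names, the path-keyed configuration and the fail-closed default for unlisted processes are all assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Role(IntEnum):
    DENY = 0      # driver blocks execution
    LIMITED = 1   # runs with limited access to system resources
    ELEVATED = 2  # may access or modify protected resources

@dataclass(frozen=True)
class Rights:
    default_role: Role  # role handed to the driver at launch
    max_role: Role      # ceiling for a user-requested modification

# Constructed configuration data; keying by executable path is an assumption.
CONFIG = {
    "c:/tools/diskmgr.exe": Rights(Role.LIMITED, Role.ELEVATED),
    "c:/apps/editor.exe": Rights(Role.LIMITED, Role.LIMITED),
    "c:/temp/unapproved.exe": Rights(Role.DENY, Role.DENY),
}
FAIL_CLOSED = Rights(Role.DENY, Role.DENY)  # assumption: unlisted processes are denied

class PolicyService:
    def __init__(self, config):
        self.config = {path.lower(): rights for path, rights in config.items()}
        self.privilege_data = {}  # process -> current execution role
        self.audit = []           # (event, process, requested role, granted)

    def determine_rights(self, path):
        return self.config.get(path.lower(), FAIL_CLOSED)

    def execution_role(self, path):
        """Answer the driver's request for the role of a process being launched."""
        rights = self.determine_rights(path)
        return self.privilege_data.setdefault(path.lower(), rights.default_role)

    def modify_role(self, path, requested):
        """Apply a user's change request only within the determined rights."""
        rights = self.determine_rights(path)
        current = self.execution_role(path)
        granted = current != Role.DENY and requested <= rights.max_role
        if granted:
            self.privilege_data[path.lower()] = requested
        self.audit.append(("modify", path.lower(), requested.name, granted))
        return self.privilege_data[path.lower()]

def driver_intercept(service, path):
    """Driver side: allow the launch unless the returned role is DENY."""
    return service.execution_role(path) != Role.DENY
```

Recording refused modification requests in the audit list gives a defender a record of elevation attempts that exceeded the configured rights.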
20 Claims
1. A computer storage memory having computer-executable instructions stored thereon that when executed cause a computing device to perform a method comprising:
- receiving a request for an execution role of a process selected by a user for execution on the computing device, said process having limited access to system resources;
- accessing configuration data relating to the process, said accessed configuration data defining rights for execution of the process;
- determining the rights for the process based on the accessed configuration data;
- accessing privilege data stored in a memory area to retrieve the execution role associated with the process based on the determined rights;
- receiving a request from the user for modification of the execution role for the process; and
- modifying the execution role based on the determined rights to enable the process a different level of access to the system resources.

Dependent claims: 2, 3, 4
5. A method comprising:
- receiving a request for an execution role associated with one of a plurality of processes, said one of the plurality of processes being selected by a user for execution on a computing device, said one of the plurality of processes having limited access to system resources;
- accessing configuration data relating to the process, said accessed configuration data defining rights for execution of the process;
- determining, based on the configuration data, the rights for execution of the selected process;
- retrieving, based on the determined rights, the requested execution role for the selected process;
- receiving a request for modification of the execution role for the selected process; and
- modifying the execution role based on the determined rights to enable the selected process a different level of access to the system resources.

Dependent claims: 6, 7, 8, 9, 10, 11
12. A system comprising:
- a memory area for storing privilege data relating to a plurality of processes for execution, said privilege data defining access by each of the plurality of processes to resources, said privilege data including an execution role for each of the plurality of processes;
- a processor configured to execute computer-executable instructions for:
  - receiving a request for the execution role of a particular process to be executed, said particular process being selected by a user for execution, said particular process being one of the plurality of processes and having limited access to system resources;
  - accessing configuration data relating to the particular process, said accessed configuration data defining rights for execution of the particular process;
  - determining the rights for the particular process based on the accessed configuration data;
  - accessing the privilege data stored in the memory area to retrieve the execution role associated with the particular process based on the determined rights;
  - receiving a request from a user for modification of the execution role for the particular process; and
  - modifying the execution role based on the determined rights to enable the particular process a different level of access to the system resources.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification