Patent · US Active

Protecting a computer device from escalation of privilege attacks

US11321455B2 · kind B2 · utility

2Cited by

10References

20Claims

0Family size

Assignee

Avecto Limited · GB

Inventors

John Goodridge · Grafton, GB
Thomas Couser · Manchester, GB

Key dates

Filing date	Apr 12, 2019
Grant date	May 3, 2022
Priority date	—
Expiry date	Jan 20, 2040

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/2141
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A computer device has a kernel driver in a kernel mode of the operating system which records an access token as initially associated with a user process. Later, the user process presents its access token when requesting certain operations through the operating system. The kernel driver detects that the user process has been subject to an escalation of privilege attack by evaluating the access token in its presented form as against the initially recorded access token and, in response, performs a mitigation action such as suspending the user process.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.