System and method for executing interactive applications with minimal privileges
US8429711B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 13, 2009 |
| Grant date | Apr 23, 2013 |
| Priority date | — |
| Expiry date | Jan 29, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/52
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system. The policy-based decision system makes its determination based on an analysis of the application requirements, an analysis of the data security and privacy concerns associated with the execution of the application, the identity of the user and user's role and any other policy considerations previously specified by an administrator. Once the determination as to the appropriate set of privileges to be afforded in the execution env…
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.