Back to Security Pattern Catalog
Controlled Object Factory
: Core Security, Elevation of Privilege
Objects are created either at program initialization or dynamically during execution. The access rights of processes with respect to objects must be defined when these objects are created. Applications also use resources that are allocated from resource pools and the applications must have appropriate access rights to them. The access rights are defined by authorization rules or policies that are enforced when a process attempts to access an object.
How can this be done?
Create new objects with limited rights. Intercept new object creation requests and get the requester to fully specify the rights to be associated with the new object.
Windows processes create objects with various Create system call passing access control information (DACL) as parameter.
Object Creation, Access Rights
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz