Back to Security Pattern Catalog

Controlled Object Factory

Classification Key : Core Security, Elevation of Privilege


Objects are created either at program initialization or dynamically during execution. The access rights of processes with respect to objects must be defined when these objects are created. Applications also use resources that are allocated from resource pools and the applications must have appropriate access rights to them. The access rights are defined by authorization rules or policies that are enforced when a process attempts to access an object. How can this be done?


Create new objects with limited rights. Intercept new object creation requests and get the requester to fully specify the rights to be associated with the new object.

Known Uses

Windows processes create objects with various Create system call passing access control information (DACL) as parameter.


Wiley Book


Object Creation, Access Rights


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz