



Controlled Object Factory


Classification Key: Core Security, Elevation of Privilege

Problem

Objects are created either at program initialization or dynamically during execution. The access rights of processes with respect to objects must be defined when these objects are created. Applications also use resources allocated from resource pools, and they must have appropriate access rights to those resources. The access rights are defined by authorization rules or policies that are enforced when a process attempts to access an object. How can this be done?

Solution

Create new objects with limited rights. Intercept new object creation requests and get the requester to fully specify the rights to be associated with the new object.
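A minimal sketch of the pattern, added here as an illustration and not taken from the catalog or the source book. The names `Right`, `ControlledObjectFactory`, `CreationDenied` and the `ceiling` policy parameter are assumptions made for the example.

```python
from enum import Flag, auto
from types import MappingProxyType


class Right(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    DELETE = auto()


class CreationDenied(Exception):
    """Raised when a creation request does not fully specify rights."""


class ControlledObjectFactory:
    """The only creation path; every object leaves it with an explicit ACL."""

    def __init__(self, ceiling):
        self._ceiling = ceiling   # assumed policy: most rights any ACL entry may carry
        self._acls = {}           # object name -> read-only {principal: Right}

    def create(self, requester, name, acl):
        if name in self._acls:
            raise CreationDenied(f"{name}: already exists")
        if not acl:
            raise CreationDenied(f"{name}: {requester} supplied no access rights")
        for principal, rights in acl.items():
            if not isinstance(rights, Right) or not rights:
                raise CreationDenied(f"{name}: empty or untyped rights for {principal}")
            if rights & ~self._ceiling:
                raise CreationDenied(f"{name}: rights for {principal} exceed policy")
        # Copy, then freeze: the caller cannot widen the ACL through its own dict.
        self._acls[name] = MappingProxyType(dict(acl))
        return name

    def check_access(self, principal, name, wanted):
        """Default deny: only rights listed at creation are ever granted."""
        granted = self._acls[name].get(principal, Right.NONE)
        return bool(wanted) and (granted & wanted) == wanted


def demo():
    # Constructed sample principals and object name.
    factory = ControlledObjectFactory(ceiling=Right.READ | Right.WRITE)
    acl = {"alice": Right.READ | Right.WRITE, "bob": Right.READ}
    factory.create("alice", "report.txt", acl)
    acl["bob"] = Right.READ | Right.WRITE   # mutation after creation has no effect
    return factory
```

Requests with a missing or empty ACL, an entry carrying no rights, or rights above the ceiling are rejected at creation time, so no object exists without an explicit, bounded ACL.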

Known Uses

Windows processes create objects with various Create system calls, passing access control information (a DACL) as a parameter.

Source

Wiley Book

Tags

Object Creation, Access Rights


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz