Controlled Process Creator


Classification Key: Core Security, Elevation of Privilege

Problem

In an operating system, processes are usually created through system calls, and they should be created according to application needs. Processes that are not controlled can interfere with each other and access data illegally, so the access rights for resources should be carefully defined according to appropriate policies. How do you design and grant appropriate access rights for new processes?

Solution

Create child processes with a subset of the privileges of their parent process. The parent process assigns the privileges of the child process; there is no automatic inheritance of rights when child processes are created.
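
The rule above as a small model, added here as an illustration and not taken from the catalog or from any real operating system: the Process class, PrivilegeError, and the sample resource names are all hypothetical. Rights are (resource, operation) pairs, a child receives only what the parent names explicitly, and a parent cannot grant a right it does not hold.

```python
class PrivilegeError(Exception):
    """Raised when a parent tries to grant a right it does not hold."""


class Process:
    """Toy process whose rights are (resource, operation) pairs."""

    def __init__(self, name, rights=()):
        self.name = name
        self.rights = frozenset(rights)  # immutable after creation

    def create_child(self, name, granted=()):
        """Create a child holding exactly the rights in `granted`.

        Nothing is inherited implicitly: omitting `granted` yields a child
        with no rights at all. Every granted right must already be held by
        the parent, so a chain of creations can only narrow privileges.
        """
        granted = frozenset(granted)
        excess = granted - self.rights
        if excess:
            raise PrivilegeError(
                f"{self.name} cannot grant {sorted(excess)} to {name}")
        return Process(name, granted)

    def can(self, resource, operation):
        """Access check performed before a process touches a resource."""
        return (resource, operation) in self.rights


def demo():
    # Constructed sample rights for a hypothetical server process.
    server = Process("server", {("/var/www", "read"),
                                ("/var/log/app", "append"),
                                ("/etc/app.key", "read")})
    worker = server.create_child("worker", {("/var/www", "read")})
    bare = server.create_child("bare")  # no rights named, so none given
    try:
        worker.create_child("helper", {("/etc/app.key", "read")})
        escalated = True
    except PrivilegeError:
        escalated = False  # worker never held the key right
    return worker, bare, escalated


if __name__ == "__main__":
    worker, bare, escalated = demo()
    print(sorted(worker.rights), sorted(bare.rights), escalated)
```
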

Known Uses

Hewlett Packard’s Virtual Vault is a hardened operating system where a new set of rights must be defined for each child.

Source

Wiley Book

Tags

Process Creation, Access Rights, Child Process


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz