Back to Security Pattern Catalog

Controlled Process Creator

Classification Key : Core Security, Elevation of Privilege


In an operating system, processes are usually created through system calls. The processes should be created according to application needs. If the processes are not controlled, they can interfere with each other and access data illegally. The access rights for resources should be carefully defined according to appropriate policies. How do you design and grant appropriate access rights for new processes ?


Create child processes with a subset of privileges of their parent process. Parent processes assign the privileges of the child process. There is no automatic inheritance of rights in the creation of children processes.

Known Uses

Hewlett Packard’s Virtual Vault is a hardened operating system where a new set of rights must be defined for each child.


Wiley Book


Process Creation, Access Rights, Child Process


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz