Controlled Process Creator
Core Security, Elevation of Privilege
In an operating system, processes are usually created through system calls. The processes should be created according to application needs. If the processes are not controlled, they can interfere with each other and access data illegally. The access rights for resources should be carefully defined according to appropriate policies.
How do you design and grant appropriate access rights for new processes?
Create child processes with a subset of the privileges of their parent process. The parent process explicitly assigns the privileges of the child process. There is no automatic inheritance of rights when child processes are created.
Hewlett Packard’s Virtual Vault is a hardened operating system where a new set of rights must be defined for each child.
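The rule above can be demonstrated on a POSIX system with two kinds of rights, open file descriptors and environment variables. This is an added example, not code from the catalog or from Virtual Vault; `create_child`, `demo`, `APP_MODE` and `DB_PASSWORD` are hypothetical names and all sample values are constructed.

```python
import json, os, subprocess, sys, tempfile

# Constructed child program: reports which probed rights it can actually use.
CHILD = r"""
import json, os, sys
fds, names = json.loads(sys.argv[1])
readable = {}
for fd in fds:
    try:
        readable[fd] = os.pread(fd, 64, 0).decode()
    except OSError:
        pass  # descriptor was not granted to this process
print(json.dumps({"fds": readable, "env": [n for n in names if n in os.environ]}))
"""

def create_child(parent_fds, parent_env, grant_fds=(), grant_env=()):
    """Spawn a child that holds only the rights the parent names explicitly."""
    # Rule 1: a child may receive only a subset of its parent's rights.
    if not set(grant_fds) <= set(parent_fds) or not set(grant_env) <= set(parent_env):
        raise PermissionError("requested rights exceed the parent's")
    # Rule 2: nothing is inherited by default. The environment is built from
    # scratch and every descriptor not listed in pass_fds is closed.
    env = {name: parent_env[name] for name in grant_env}
    probe = json.dumps([list(parent_fds), list(parent_env)])
    done = subprocess.run([sys.executable, "-c", CHILD, probe], env=env,
                          close_fds=True, pass_fds=tuple(grant_fds),
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)

def demo():
    """Parent holds two files and two variables; the child is granted one of each."""
    with tempfile.TemporaryDirectory() as tmp:
        fds = {}
        for name in ("public", "secret"):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(name + "-data")
            fds[name] = os.open(path, os.O_RDONLY)
        parent_env = {"APP_MODE": "worker", "DB_PASSWORD": "constructed-value"}
        try:
            seen = create_child(fds.values(), parent_env,
                                grant_fds=[fds["public"]], grant_env=["APP_MODE"])
        finally:
            for fd in fds.values():
                os.close(fd)
    return fds, seen

if __name__ == "__main__":
    print(demo())
```

The child can read only the descriptor it was granted and sees only `APP_MODE`; a request for a right the parent does not hold is refused before any process is created.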
Process Creation, Access Rights, Child Process
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz