Execution Domain

Classification Key: Core Security, Elevation of Privilege

Problem

Restricting a process to a specific set of resources is the first line of defense to control malicious behavior. Otherwise, unauthorized processes could destroy or modify information in files or databases. How can the resources be protected from unauthorized access?

Solution

Define an execution environment for processes, indicating explicitly all the resources a process can use during its execution, as well as the type of access for the resources. Attach a set of descriptors to the process.
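The following Python model is an added illustration of the solution above; it is not code from the catalog or from the referenced book. A process carries an explicit list of descriptors, each naming one resource and the access types permitted on it, and a reference monitor consults that list before any access proceeds. The resource paths, right names and the sample processes are constructed for the example; the spawn step, which clips a child's requested descriptors to what the parent already holds, is an assumption about how this pattern combines with the related Controlled Process Creator pattern.

```python
"""Execution Domain modelled as a set of descriptors attached to a process.

Added example, not from the catalog page. Every access request is mediated
against the process's own descriptor list; nothing outside that list is
reachable. Resource names and rights below are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

READ, WRITE, EXECUTE = "read", "write", "execute"


@dataclass(frozen=True)
class Descriptor:
    """Names one resource and the exact access types permitted on it."""
    resource: str
    rights: FrozenSet[str]


@dataclass
class Process:
    """A process whose execution domain is the set of descriptors it holds."""
    name: str
    domain: List[Descriptor] = field(default_factory=list)

    def rights_on(self, resource: str) -> FrozenSet[str]:
        """Union of rights granted on `resource` by all held descriptors (empty if none)."""
        rights: FrozenSet[str] = frozenset()
        for d in self.domain:
            if d.resource == resource:
                rights |= d.rights
        return rights


class ExecutionDomainMonitor:
    """Reference monitor: decides each access from the descriptors only."""

    def __init__(self) -> None:
        self.audit: List[str] = []  # one line per decision, useful for detection

    def access(self, proc: Process, resource: str, right: str) -> bool:
        allowed = right in proc.rights_on(resource)
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append(f"{verdict} {proc.name} {right} {resource}")
        return allowed

    def spawn(self, parent: Process, child_name: str,
              requested: List[Descriptor]) -> Process:
        """Assumed composition with Controlled Process Creator: a child's domain
        is the requested descriptors clipped to the parent's rights, so a child
        can never hold more than its creator."""
        child_domain = []
        for d in requested:
            granted = d.rights & parent.rights_on(d.resource)
            if granted:
                child_domain.append(Descriptor(d.resource, granted))
        return Process(child_name, child_domain)


def make_reporter() -> Process:
    """Constructed sample: a report generator may read customer data and
    read/write its own output file, and nothing else."""
    return Process("reporter", [
        Descriptor("/data/customers.db", frozenset({READ})),
        Descriptor("/out/report.txt", frozenset({READ, WRITE})),
    ])


def demo() -> Dict[str, bool]:
    """Run four access requests against the reporter's execution domain."""
    monitor = ExecutionDomainMonitor()
    reporter = make_reporter()
    results = {
        "read_db": monitor.access(reporter, "/data/customers.db", READ),
        "write_db": monitor.access(reporter, "/data/customers.db", WRITE),
        "write_report": monitor.access(reporter, "/out/report.txt", WRITE),
        "exec_shell": monitor.access(reporter, "/bin/sh", EXECUTE),
    }
    for line in monitor.audit:
        print(line)
    return results


def demo_spawn() -> Process:
    """A child asks for more than the parent holds and receives only the overlap."""
    monitor = ExecutionDomainMonitor()
    parent = make_reporter()
    requested = [
        Descriptor("/data/customers.db", frozenset({READ, WRITE})),  # WRITE is clipped
        Descriptor("/bin/sh", frozenset({EXECUTE})),                 # dropped entirely
    ]
    return monitor.spawn(parent, "helper", requested)


if __name__ == "__main__":
    demo()
    print(demo_spawn())
```

The audit list is the detection hook: every DENY is a process asking for something outside its declared domain, which is exactly the behaviour the pattern exists to contain, so those lines are worth forwarding to monitoring rather than discarding.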

Known Uses

The concept comes from Multics. The Plessey 250 and the IBM S/6000 running AIX are good examples of this pattern in use. The Java VM also defines a restricted execution environment.

Related Patterns

Controlled Process Creator

Source

Wiley Book

Tags

Process Creation, Access rights, Descriptors
Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz