
Execution Domain

Classification Key: Core Security, Elevation of Privilege


Restricting a process to a specific set of resources is the first line of defense to control malicious behavior. Otherwise, unauthorized processes could destroy or modify information in files or databases. How can the resources be protected from unauthorized access?


Define an execution environment for processes, indicating explicitly all the resources a process can use during its execution, as well as the type of access for the resources. Attach a set of descriptors to the process.
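
A minimal model of the solution above, added here as an illustration and not taken from the pattern's source: each descriptor names a resource and the access types allowed on it, the domain is the set of descriptors attached to a process, and any request outside the domain is denied. The class names, resource paths and the report-gen process are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class Descriptor:
    """One entry in a domain: a resource and the access types allowed on it."""
    resource: str
    rights: Access


class ExecutionDomain:
    """The explicit set of descriptors attached to a process."""

    def __init__(self, descriptors):
        self._rights = {}
        for d in descriptors:
            # Several descriptors for the same resource combine their rights.
            current = self._rights.get(d.resource, Access.NONE)
            self._rights[d.resource] = current | d.rights

    def permits(self, resource, requested):
        # Default deny: a resource with no descriptor is outside the domain.
        granted = self._rights.get(resource, Access.NONE)
        return requested != Access.NONE and (granted & requested) == requested


class Process:
    def __init__(self, name, domain):
        self.name = name
        self.domain = domain  # fixed at creation; the process cannot extend it

    def access(self, resource, requested):
        """Check every resource request against the attached domain."""
        if not self.domain.permits(resource, requested):
            raise PermissionError(f"{self.name}: {resource} request is outside its domain")
        return True


# Constructed sample: a report generator that may read one database and write one log.
report_domain = ExecutionDomain([
    Descriptor("/data/sales.db", Access.READ),
    Descriptor("/var/log/report.log", Access.WRITE),
])
report_proc = Process("report-gen", report_domain)
```

A request must be covered in full: asking for READ and WRITE on a resource whose descriptor grants only READ is refused, not partially granted.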

Known Uses

The concept comes from Multics. The Plessey 250 and IBM S/6000 running AIX are good examples of the use of these patterns. The Java VM also defines a restricted execution environment.

Related Patterns

Controlled Process Creator


Wiley Book


Process Creation, Access rights, Descriptors


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz