KR20110040767A - Granting least privilege access for computing processes - Google Patents

Granting least privilege access for computing processes

Info

Publication number
KR20110040767A
Authority
KR
South Korea
Prior art keywords
security
access
token
privileges
identities
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
KR1020107028644A
Other languages
English (en)
Korean (ko)
Inventor
닐 로렌스 콜스
스캇 랜들 쉘
우펜더 레디 산다디
안젤로 레나토 발스
매튜 지. 리온스
크리스토퍼 로스 조던
앤드류 로저스
야두 고팔란
보-밍 시에
Original Assignee
Microsoft Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corporation
Publication of KR20110040767A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/468 Specific access rights for resources, e.g. using capability register
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
KR1020107028644A 2008-06-27 2009-06-24 Granting least privilege access for computing processes Ceased KR20110040767A (ko)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/163,164 US8397290B2 (en) 2008-06-27 2008-06-27 Granting least privilege access for computing processes
US12/163,164 2008-06-27

Publications (1)

Publication Number Publication Date
KR20110040767A (ko) 2011-04-20

Family

ID=41445278

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020107028644A Ceased KR20110040767A (ko) 2008-06-27 2009-06-24 Granting least privilege access for computing processes

Country Status (6)

Country Link
US (1) US8397290B2
EP (1) EP2291785A4
JP (1) JP5462254B2
KR (1) KR20110040767A
CN (1) CN102112990B
WO (1) WO2009158405A2

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014069898A1 (ko) * 2012-10-30 2014-05-08 LG Electronics Inc. Method and apparatus for authenticating access authority for specific resource in wireless communication system
US10868814B2 (en) 2018-04-30 2020-12-15 Samsung Electronics Co., Ltd. System and method for flow-based architecture

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8397290B2 (en) * 2008-06-27 2013-03-12 Microsoft Corporation Granting least privilege access for computing processes
WO2010037201A1 (en) * 2008-09-30 2010-04-08 Wicksoft Corporation System and method for secure management of mobile user access to enterprise network resources
US8798579B2 (en) 2008-09-30 2014-08-05 Xe2 Ltd. System and method for secure management of mobile user access to network resources
US9167028B1 (en) * 2009-09-10 2015-10-20 AppDynamics, Inc. Monitoring distributed web application transactions
US8938533B1 (en) * 2009-09-10 2015-01-20 AppDynamics Inc. Automatic capture of diagnostic data based on transaction behavior learning
US8990561B2 (en) * 2011-09-09 2015-03-24 Microsoft Technology Licensing, Llc Pervasive package identifiers
US9800688B2 (en) 2011-09-12 2017-10-24 Microsoft Technology Licensing, Llc Platform-enabled proximity service
US9311598B1 (en) 2012-02-02 2016-04-12 AppDynamics, Inc. Automatic capture of detailed analysis information for web application outliers with very low overhead
US9491247B2 (en) 2012-02-02 2016-11-08 AppDynamics, Inc. Automatic capture of detailed analysis information based on remote server analysis
CN102647429A (zh) * 2012-04-28 2012-08-22 杭州格畅科技有限公司 Access control method for inter-application communication, application process manager, and online application platform
US10356204B2 (en) 2012-12-13 2019-07-16 Microsoft Technology Licensing, Llc Application based hardware identifiers
CN104969235B (zh) * 2013-01-31 2018-02-02 日本电气株式会社 Network system
JP6123350B2 (ja) * 2013-02-26 2017-05-10 日本電気株式会社 Verification device, verification method, and program
WO2014143029A1 (en) 2013-03-15 2014-09-18 Mcafee, Inc. Generic privilege escalation prevention
US8990839B2 (en) * 2013-04-22 2015-03-24 Microsoft Technology Licensing, Llc Controlling runtime access to application programming interfaces
US9858247B2 (en) 2013-05-20 2018-01-02 Microsoft Technology Licensing, Llc Runtime resolution of content references
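CN103745161B (zh) * 2013-12-23 2016-08-24 东软集团股份有限公司 Access security control method and device
CN105471824A (zh) * 2014-09-03 2016-04-06 阿里巴巴集团控股有限公司 Method, device and system for enabling a browser to call a local service component
JP6340308B2 (ja) * 2014-12-05 2018-06-06 日本電信電話株式会社 Parallel processing system, method, and program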
WO2016105969A1 (en) 2014-12-26 2016-06-30 Mcafee, Inc. Trusted updates
CN104735091B (zh) * 2015-04-17 2018-03-30 三星电子(中国)研发中心 User access control method and device based on a Linux system
US10963565B1 (en) * 2015-10-29 2021-03-30 Palo Alto Networks, Inc. Integrated application analysis and endpoint protection
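CN105550587A (zh) * 2015-12-11 2016-05-04 北京元心科技有限公司 Method and device for controlling system resource access in a multi-system terminal device
CN109690544B (zh) * 2016-10-14 2020-12-15 华为技术有限公司 Apparatus and method for tracking access permissions across multiple execution environments
KR102690486B1 (ko) * 2016-11-28 2024-08-01 Samsung Electronics Co., Ltd. Processor and control method thereof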
US10623410B2 (en) 2017-04-24 2020-04-14 Microsoft Technology Licensing, Llc Multi-level, distributed access control between services and applications
US10897462B2 (en) * 2017-05-16 2021-01-19 Citrix Systems, Inc. Systems and methods for encoding additional authentication data into an active directory security identifier
US10762202B2 (en) * 2018-04-11 2020-09-01 Crowdstrike, Inc. Securely and efficiently providing user notifications about security actions
US11132437B2 (en) 2018-06-26 2021-09-28 The Government Of The United States Of America, As Represented By The Secretary Of The Navy Secure computer operating system through interpreted user applications
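CN109284193B (zh) * 2018-09-06 2022-12-09 平安科技(深圳)有限公司 Multithreading-based distributed data processing method and server
CN109684104B (zh) * 2018-12-17 2021-03-26 广州方硅信息技术有限公司 Method and device for displaying an inter-service call chain
CN111381977A (zh) * 2018-12-29 2020-07-07 北大方正集团有限公司 Message processing method and device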
US11822676B2 (en) * 2019-06-25 2023-11-21 Vmware, Inc. Determination of a minimal set of privileges to execute a workflow in a virtualized computing environment
US11433536B2 (en) * 2019-09-19 2022-09-06 UiPath, Inc. Process understanding for robotic process automation (RPA) using sequence extraction
CN110740102B (zh) * 2019-09-29 2021-10-15 苏州浪潮智能科技有限公司 Communication method, system, device, and computer-readable storage medium
US11436160B2 (en) * 2019-10-03 2022-09-06 Microsoft Technology Licensing, Llc Protection of data in memory of an integrated circuit using a secret token
US20230421597A1 (en) * 2022-06-28 2023-12-28 QSecGrid, Inc. Cybersecurity risk assessment and measurement

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5187790A (en) 1989-06-29 1993-02-16 Digital Equipment Corporation Server impersonation of client processes in an object based computer operating system
US5414852A (en) * 1992-10-30 1995-05-09 International Business Machines Corporation Method for protecting data in a computer system
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US6377994B1 (en) 1996-04-15 2002-04-23 International Business Machines Corporation Method and apparatus for controlling server access to a resource in a client/server system
US6338064B1 (en) 1998-05-14 2002-01-08 International Business Machines Corporation Method for enabling a web server running a “closed” native operating system to impersonate a user of a web client to obtain a protected file
US6279111B1 (en) * 1998-06-12 2001-08-21 Microsoft Corporation Security model using restricted tokens
US6412070B1 (en) * 1998-09-21 2002-06-25 Microsoft Corporation Extensible security system and method for controlling access to objects in a computing environment
US6385724B1 (en) * 1998-11-30 2002-05-07 Microsoft Corporation Automatic object caller chain with declarative impersonation and transitive trust
US7188254B2 (en) 2003-08-20 2007-03-06 Microsoft Corporation Peer-to-peer authorization method
US20050091535A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Application identity for software products
US7703135B2 (en) * 2004-12-21 2010-04-20 International Business Machines Corporation Accessing protected resources via multi-identity security environments
US20060193467A1 (en) 2005-02-16 2006-08-31 Joseph Levin Access control in a computer system
US8646044B2 (en) * 2005-04-28 2014-02-04 Microsoft Corporation Mandatory integrity control
US20060259947A1 (en) * 2005-05-11 2006-11-16 Nokia Corporation Method for enforcing a Java security policy in a multi virtual machine system
US20060259980A1 (en) * 2005-05-16 2006-11-16 Microsoft Corporation Method and system for limiting rights of services
US7702912B2 (en) * 2005-05-19 2010-04-20 Novell, Inc. Secure systems management
US20070011452A1 (en) * 2005-07-08 2007-01-11 Alcatel Multi-level and multi-factor security credentials management for network element authentication
US8024770B2 (en) 2006-06-21 2011-09-20 Microsoft Corporation Techniques for managing security contexts
US8397290B2 (en) * 2008-06-27 2013-03-12 Microsoft Corporation Granting least privilege access for computing processes

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
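WO2014069898A1 (ko) * 2012-10-30 2014-05-08 LG Electronics Inc. Method and apparatus for authenticating access authority for specific resource in wireless communication system
CN104303454A (zh) * 2012-10-30 2015-01-21 LG Electronics Inc. Method and apparatus for authenticating access authorization for a specific resource in a wireless communication system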
US9654971B2 (en) 2012-10-30 2017-05-16 Lg Electronics Inc. Method and apparatus for authenticating access authority for specific resource in wireless communication system
CN104303454B (zh) * 2012-10-30 2018-07-20 LG Electronics Inc. Method for authenticating access authorization for a specific resource in a wireless communication system
US10506432B2 (en) 2012-10-30 2019-12-10 Lg Electronics Inc. Method and apparatus for authenticating access authority for specific resource in wireless communication system
US10868814B2 (en) 2018-04-30 2020-12-15 Samsung Electronics Co., Ltd. System and method for flow-based architecture

Also Published As

Publication number Publication date
JP5462254B2 (ja) 2014-04-02
CN102112990A (zh) 2011-06-29
US8397290B2 (en) 2013-03-12
US20090328180A1 (en) 2009-12-31
WO2009158405A3 (en) 2010-04-22
EP2291785A2 (en) 2011-03-09
EP2291785A4 (en) 2011-12-21
CN102112990B (zh) 2014-08-13
WO2009158405A2 (en) 2009-12-30
JP2011526387A (ja) 2011-10-06

Similar Documents

Publication Publication Date Title
KR20110040767A (ko) Granting least privilege access for computing processes
US11334562B2 (en) Blockchain based data management system and method thereof
JP4676744B2 (ja) Security-related programming interface
US6934758B2 (en) Stack-based access control using code and executor identifiers
JP4414092B2 (ja) Least privilege via restricted tokens
US20080126800A1 (en) Methodologies to secure inter-process communication based on trust
CN112805708A (zh) Protecting selected disks on a computer system
WO2022240563A1 (en) Abnormally permissive role definition detection systems
CN108228353A (zh) Resource access control method, device, and corresponding terminal
KR100949024B1 (ko) Resource acquisition method and computer-readable medium
US9516032B2 (en) Methods and systems for using derived user accounts
CN113836529A (zh) Process detection method, device, storage medium, and computer equipment
US20210224398A1 (en) Managing the loading of sensitive modules
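KR20030086722A (ko) Kernel backdoor detection system, kernel backdoor detection method using the same, and kernel data recovery method
JP2002149494A (ja) Access control method, access control device, and recording medium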
US20180069859A1 (en) Mobile terminal and control method thereof
RU2659743C1 (ru) System and method for ACL-based access control
GB2561861A (en) Computer device and method for isolating untrusted content
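CN112118290A (zh) Management and control method for data resources based on program analysis
CN119442282B (zh) Cluster detection method, apparatus, device, medium, and product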
US20250086269A1 (en) System and method for managing memory, and electronic device
Morisset et al. Automated detection of information leakage in access control
Dohlus et al. Integrated Information Systems: Design-Options for Consortial Plattforms
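CN120259010A (zh) Community management method, apparatus, device, and storage medium
CN118862136A (zh) Method, apparatus, device, and medium for sharing data among multiple applications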

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20101220

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
A201 Request for examination
PA0201 Request for examination

Patent event code: PA02012R01D

Patent event date: 20140530

Comment text: Request for Examination of Application

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

Comment text: Notification of reason for refusal

Patent event date: 20150914

Patent event code: PE09021S01D

E601 Decision to refuse application
PE0601 Decision on rejection of patent

Patent event date: 20151223

Comment text: Decision to Refuse Application

Patent event code: PE06012S01D

Patent event date: 20150914

Comment text: Notification of reason for refusal

Patent event code: PE06011S01I