The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka PDF).
Patent No.:
Date of Patent: Mar. 12, 2013
Filed: Jun. 27, 2008
Applicant:
Neil Laurence Coles, Redmond, WA (US);
Scott Randall Shell, Kirkland, WA (US);
Upender Reddy Sandadi, Issaquah, WA (US);
Angelo Renato Vals, Redmond, WA (US);
Matthew G. Lyons, Palatine, IL (US);
Christopher Ross Jordan, Redmond, WA (US);
Andrew Rogers, Bellevue, WA (US);
Yadhu Gopalan, Issaquah, WA (US);
Bor-ming Hsieh, Redmond, WA (US);
Inventor:
Neil Laurence Coles, Redmond, WA (US);
Scott Randall Shell, Kirkland, WA (US);
Upender Reddy Sandadi, Issaquah, WA (US);
Angelo Renato Vals, Redmond, WA (US);
Matthew G. Lyons, Palatine, IL (US);
Christopher Ross Jordan, Redmond, WA (US);
Andrew Rogers, Bellevue, WA (US);
Yadhu Gopalan, Issaquah, WA (US);
Bor-Ming Hsieh, Redmond, WA (US);
Assignee:
Microsoft Corporation, Redmond, WA (US);
Abstract
Embodiments provide a security infrastructure that may be configured to run on top of an existing operating system to control what resources can be accessed by an application and what APIs an application can call. Security decisions are made by taking into account both the current thread's identity and the current thread's call chain context to enable minimal privilege by default. The current thread context is captured and a copy of it is created to be used to perform security checks asynchronously. Every thread in the system has an associated identity. To obtain access to a particular resource, all the callers on the current thread are analyzed to make sure that each caller and thread has access to that resource. Only when each caller and thread has access to that resource is the caller given access to that resource.
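The abstract describes two mechanisms: an access decision that requires the thread identity and every caller on the call chain to be permitted for the resource (so a less-trusted caller cannot borrow a trusted library's rights), and an immutable snapshot of the thread context so the check can run asynchronously after the stack has unwound. The following Python model is an added illustration, not code from the patent or from Microsoft; the `Principal`, `ThreadContext` and `CurrentThread` types, the resource names and the permission sets are constructed for the example.

```python
"""Illustrative model of call-chain-aware access checks.

Added example, not the patent's or Microsoft's code. Principals, resource
names and permission sets below are constructed for demonstration.
"""
from contextlib import contextmanager
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    """A thread identity or a code unit (app, library) appearing on the call chain."""
    name: str
    allowed: FrozenSet[str]  # resources this principal is permitted to access


@dataclass(frozen=True)
class ThreadContext:
    """Immutable copy of a thread's identity plus its call chain (outermost first)."""
    identity: Principal
    call_chain: Tuple[Principal, ...]


class CurrentThread:
    """Mutable per-thread state: the identity and the stack of active callers."""

    def __init__(self, identity: Principal) -> None:
        self.identity = identity
        self._chain: List[Principal] = []

    @contextmanager
    def frame(self, caller: Principal):
        """Push a caller for the duration of a call, popping it on exit."""
        self._chain.append(caller)
        try:
            yield
        finally:
            self._chain.pop()

    def snapshot(self) -> ThreadContext:
        """Capture an immutable copy so a deferred/asynchronous check is not
        affected by frames pushed or popped after the capture."""
        return ThreadContext(self.identity, tuple(self._chain))


def check_access(ctx: ThreadContext, resource: str) -> Tuple[bool, Optional[str]]:
    """Grant only if the thread identity AND every caller on the chain may
    access the resource. Returns (granted, who_denied)."""
    if resource not in ctx.identity.allowed:
        return False, f"identity:{ctx.identity.name}"
    for caller in ctx.call_chain:
        if resource not in caller.allowed:
            return False, f"caller:{caller.name}"
    return True, None


def demo() -> dict:
    """Three scenarios: full chain permitted, a caller lacking the right
    (caught even after the stack unwound), and the identity itself lacking it."""
    user = Principal("user", frozenset({"contacts", "photos"}))
    phone_app = Principal("phone_app", frozenset({"contacts"}))
    game = Principal("game", frozenset({"photos"}))
    contacts_lib = Principal("contacts_lib", frozenset({"contacts", "photos"}))

    t = CurrentThread(user)
    results = {}

    # phone_app -> contacts_lib requesting "contacts": every frame permits it.
    with t.frame(phone_app), t.frame(contacts_lib):
        results["phone_contacts"] = check_access(t.snapshot(), "contacts")

    # game -> contacts_lib requesting "contacts": the library could access it,
    # but the game on the chain cannot. The snapshot is checked after the
    # frames are gone, and still records the game as a caller.
    with t.frame(game), t.frame(contacts_lib):
        snap = t.snapshot()
    results["game_contacts"] = check_access(snap, "contacts")

    # A thread whose own identity lacks the resource is denied regardless of chain.
    results["identity_denied"] = check_access(ThreadContext(phone_app, ()), "photos")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The deferred check in the second scenario is the point of the snapshot: by the time the decision is made the live stack no longer contains the game, so a check against the mutable thread state would wrongly grant access, while the captured copy still denies it.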