摘要:
A restrict ed access token is created from an existing token, and provides less access than that token. A restricted token may be created by changing an attribute of one or more security identifiers allowing access in the parent token to a setting that denies access in the restricted token and/or removing one or more privileges from the restricted token relative to the parent token. A restricted access token also may be created by adding restricted security identifiers thereto. Once created, a process associates another process with the restricted token to launch the other process in a restricted context that is a subset of its own rights and privileges. A kernel-mode security mechanism determines whether the restricted process has access to a resource by first comparing user-based security identifiers in the restricted token and the intended type of action against a list of identifiers and actions associated with the resource. If no restricted security identifiers are in the restricted token, access is determined by this first check, otherwise a second access check further compares the restricted security identifiers against the list of identifiers and actions associated with the resource. With a token having restricted security identifiers, the process is granted access if both the first and second access checks pass. In this manner, a process is capable of restricting another process, such as possibly unruly code, in the actions it can perform.
摘要:
Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.
摘要:
A method and computing system for extending access control of system objects in a computing environment beyond traditional rights such as read, write, create and delete. According to the invention, a system administrator or user application is able to create control rights that are unique to the type of object. Rights can be created that do not relate to any specific property of the object, but rather define how a user may control the object. A novel object, referred to as a control access data structure, is defined for each unique control right and associates the control right with one or more objects of the computing environment. In order to grant the right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.
摘要:
Providing object type specific access control to an object is described. In one embodiment, a computer system comprises an operating system operative to control an application and a service running on a computer. The service maintains a service object having a link to an access control entry. The access control entry contains an access right to perform an operation on an object type. The system further includes an access control module within the operating system. The access control module includes an access control interface and operates to grant or deny the access right to perform the operation on the object.
摘要:
Providing access control to individual properties of an object is described. In one embodiment, a computer system comprises an operating system operative to control applications and services running on the system. The service maintains a service object having at least one property. Also included in the system is an access control module within the operating system. The access control module includes an access control interface operative to control access to a property of the object.
摘要:
A coherence controller in hardware of an apparatus in an example detects conflicts on coherence requests through direct, non-broadcast employment of signatures that: summarize read-sets and write-sets of memory transactions; and provide false positives but no false negatives for the conflicts on the coherence requests. The signatures comprise fixed-size representations of a substantially arbitrary set of addresses for the read-sets and the write-sets of the memory transactions.
摘要:
A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.
摘要:
The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component. The challenge contains a unique identifier generated by the server C-R component. The client C-R component responds to the challenge by sending a challenge response and the session key. The challenge response is the unique identifier contained within the challenge encrypted with the password of the user of the client computer. The session key is also encrypted using this password. Upon receiving the challenge response, the server C-R component uses its copy of the client's password to create its own version of the challenge response and compares it to the version received from the client C-R component. If the two versions of the challenge response are identical, the identity of the user of the client computer has been verified. If the two versions are not identical, an attempted unauthorized access has been detected. After verification, the server C-R component extracts the session key, decrypts the message, and invokes the requested procedure of the server program. Subsequently, the server C-R component will send and receive encrypted messages from the client C-R component, thereby facilitating a remote procedure call.
摘要:
A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application's access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application. Also, the system may enforce running with reduced access by running user processes with a restricted token, and then requiring a definite action by the user to specifically override actions that are restricted by temporarily running with the user's normal token.
摘要:
A remote boot process uses a secret to sign and/or seal the data necessary to remotely boot a client from a server on a network to ensure the integrity of the data. The secret is generated by the server and securely delivered to the client during the initial setup of the client. The secret contains a one-way encryption of the password for the client account on the server. Each side balances a signed message with a verify and a sealed message with an unseal. Subsequent transactions between the client and server are conducted using messages encrypted with a key generated by the server and securely delivered to the client in a message sealed using the secret. The secret can also be used in conjunction with an access data structure to prevent unauthorized users from accessing data stored on the server on behalf of the client or other users. In other aspects of the invention, the secret is replaced by a client private/public key pair.