US2016378962A1PendingUtilityA1

Method and Apparatus for Controlling Access to a Resource in a Computer Device

50
Assignee: AVECTO LTDPriority: Sep 30, 2011Filed: Sep 9, 2016Published: Dec 29, 2016
Est. expirySep 30, 2031(~5.2 yrs left)· nominal 20-yr term from priority
Inventors:Mark Austin
G06F 21/6227G06F 2221/2141G06F 21/54G06F 21/604G06F 21/31G06F 21/335G06F 21/6281
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A computer device and method are described for controlling access to a resource. An execution environment executes a user process with access privileges according to a user security context. A security unit controls access to resources according to the user security context, with the user process making system calls to the security unit. A proxy hook module embedded within the user process intercepts the system call and generates a proxy resource access request. A proxy service module in a privileged security context validates the proxy resource access request from the proxy hook module and, if validated, obtains and returns a resource handle that permits access to the desired resource by the user process.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method of controlling access to a resource in a computer device, the method comprising:
 executing a user process in an execution environment of the computer device according to a user security context which defines access privileges of the user process;   controlling access by the user process to a plurality of resources available in the execution environment according to the user security context by a security unit of the computer device, wherein the user process is arranged to request access to a desired resource of the plurality of resources by making a system call to the security unit;   intercepting the system call made by the user process to request access to the desired resource by a proxy hook module embedded within the user process;   generating a proxy resource access request by the proxy hook module in response to intercepting the system call and sending the proxy resource access request to a proxy service module executing in a privileged security context different from the user security context of the user process;   validating the proxy resource access request by the proxy service module and, if validated, obtaining from the security unit a resource handle that permits access to the desired resource; and   returning the resource handle from the proxy service module to the user process via the proxy hook module thereby permitting access by the user process to the desired resource.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.