Systems and Methods for Providing Automated Access to Resources of Computer Systems
US-2024430261-A1 · Dec 26, 2024 · US
US9723006B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9723006-B2 |
| Application number | US-201514752902-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 27, 2015 |
| Priority date | Jun 27, 2015 |
| Publication date | Aug 1, 2017 |
| Grant date | Aug 1, 2017 |
Abstract
There is disclosed in an example a computing apparatus, including: a process deprivileging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource; determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.
Claims
What is claimed is:
1. A computing apparatus, comprising: a process deprivileging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request by the process directed to a first resource; determining that the first resource is not owned by the process; and based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.
2. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for: intercepting a second access request directed to a second resource; determining that the second resource is owned by the process; and permitting access to the second resource.
3. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for: intercepting a third access request directed to a third resource; determining that the third resource is owned by a user owning the process, and that the resource is not owned by the process; and permitting read-only access to the third resource.
4. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for determining that the first access request is a safe access, and restoring privileges to the process.
5. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for determining that the first access request is an auto-blocked access, and terminating the process.
6. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving an affirmative response, and restoring privileges to the process.
7. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving a negative response, and terminating the process.
8. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions for providing a deprivileging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request by the process directed to a first resource; determining that the first resource is not owned by the process; and based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.
9. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for: intercepting a second access request directed to a second resource; determining that the second resource is owned by the process; and permitting access to the second resource.
10. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for: intercepting a third access request directed to a third resource; determining that the third resource is owned by a user owning the process, and that the resource is not owned by the process; and permitting read-only access to the third resource.
11. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for determining that the first access request is a safe access, and restoring privileges to the process.
12. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for determining that the first access request is an auto-blocked access, and terminating the process.
13. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving an affirmative response, and restoring privileges to the process.
14. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving a negative response, and terminating the process.
15. A computer-implemented method of providing a process deprivileging engine, comprising: recognizing that a process has an undetermined reputation; intercepting a first access request by the process directed to a first resource; determining that the first resource is not owned by the process; and based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.
16. The computer-implemented method of claim 15, further comprising: intercepting a second access request directed to a second resource; determining that the second resource is owned by the process; and permitting access to the second resource.
17. The computer-implemented method of claim 15, further comprising: intercepting a third access request directed to a third resource; determining that the third resource is owned by a user owning the process, and that the resource is not owned by the process; and permitting read-only access to the third resource.
18. The computer-implemented method of claim 15, further comprising determining that the first access request is a safe access, and restoring privileges to the process.
19. The computer-implemented method of claim 15, further comprising determining that the first access request is an auto-blocked access, and terminating the process.
20. The computer-implemented method of claim 15, further comprising prompting a user for a verification input, receiving an affirmative response, and restoring privileges to the process.
21. The computer-implemented method of claim 15, further comprising prompting a user for a verification input, receiving a negative response, and terminating the process.
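The claims above describe a reference-monitor policy: a process whose reputation is undetermined is deprivileged, each resource access it makes is intercepted, and the decision depends on who owns the resource (the process itself, the same user, or someone else), followed by a disposition step that restores privileges or terminates the process. The following Python model is an added example written for this page, not code from the patent or its assignee; the class names, the `deprivileged`/`terminated` flags, the `owner_pid`/`owner_uid` ownership model, and the `SAFE_PREFIXES`/`AUTO_BLOCK_PREFIXES` lists that stand in for the engine's "safe access" and "auto-blocked access" classification are all assumptions, and the sample process and resources are constructed.

```python
"""Model of the claimed process-deprivileging policy (added example, not the patent's code).

Claims 1-3: an UNDETERMINED-reputation process may access resources it owns, gets
read-only access to resources owned by its user, and is blocked from everything else.
Claims 4-7: after a block the engine restores privileges (safe access or affirmative
user verification) or terminates the process (auto-blocked access or negative verification).
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Tuple


class Reputation(Enum):
    KNOWN_GOOD = "known_good"
    UNDETERMINED = "undetermined"


class Disposition(Enum):
    RESTORE = "restore_privileges"   # claims 4 and 6
    TERMINATE = "terminate_process"  # claims 5 and 7


@dataclass
class Process:
    pid: int
    uid: int
    reputation: Reputation
    deprivileged: bool = True   # assumed: undetermined processes start restricted
    terminated: bool = False


@dataclass
class Resource:
    path: str
    owner_uid: int
    owner_pid: Optional[int] = None  # assumed: pid of the creating process, if any


@dataclass
class AccessRequest:
    proc: Process
    res: Resource
    write: bool


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Per-request decision for one intercepted access: (allowed, rule applied)."""
    p, r = req.proc, req.res
    if p.terminated:
        return False, "process terminated"
    if p.reputation is not Reputation.UNDETERMINED or not p.deprivileged:
        return True, "not deprivileged"          # engine only restricts undetermined reputation
    if r.owner_pid == p.pid:
        return True, "claim 2: resource owned by process"
    if r.owner_uid == p.uid:
        if req.write:
            return False, "claim 3: user-owned resource is read-only"
        return True, "claim 3: read of user-owned resource"
    return False, "claim 1: resource not owned by process"


# Constructed classification lists standing in for the engine's policy data.
SAFE_PREFIXES = ("/tmp/",)                  # treated as "safe access" (claim 4)
AUTO_BLOCK_PREFIXES = ("/etc/", "/boot/")   # treated as "auto-blocked access" (claim 5)


def dispose(req: AccessRequest, ask_user: Callable[[AccessRequest], bool]) -> Disposition:
    """After a block, restore privileges or terminate (claims 4-7); ask_user models the prompt."""
    path = req.res.path
    if path.startswith(SAFE_PREFIXES):
        req.proc.deprivileged = False
        return Disposition.RESTORE
    if path.startswith(AUTO_BLOCK_PREFIXES):
        req.proc.terminated = True
        return Disposition.TERMINATE
    if ask_user(req):                 # claim 6: affirmative verification input
        req.proc.deprivileged = False
        return Disposition.RESTORE
    req.proc.terminated = True        # claim 7: negative verification input
    return Disposition.TERMINATE


def run_scenario():
    """Constructed walk-through: one undetermined process, three intercepted accesses."""
    proc = Process(pid=4242, uid=1000, reputation=Reputation.UNDETERMINED)
    requests = [
        AccessRequest(proc, Resource("/tmp/4242.scratch", 1000, owner_pid=4242), write=True),
        AccessRequest(proc, Resource("/home/user/notes.txt", 1000), write=False),
        AccessRequest(proc, Resource("/etc/passwd", 0), write=True),
    ]
    log = []
    for req in requests:
        allowed, rule = decide(req)
        entry = {"path": req.res.path, "write": req.write, "allowed": allowed, "rule": rule}
        if not allowed:
            # No interactive prompt in this offline run: the constructed user answers "no".
            entry["disposition"] = dispose(req, ask_user=lambda r: False).value
        log.append(entry)
        if proc.terminated:
            break   # a terminated process issues no further requests
    return log


if __name__ == "__main__":
    for entry in run_scenario():
        print(entry)
```

The write to the process's own scratch file passes (claim 2), the read of the user's file passes (claim 3), and the write to a root-owned file is blocked (claim 1) and, falling under the constructed auto-block list, ends the process (claim 5). Note that restoring privileges (claims 4 and 6) flips the process out of the deprivileged state entirely, so every later request from it is allowed; a deployment would want that transition logged.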
CPC classification titles:
for controlling access to devices or network resources
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)
Event detection, e.g. attack signature detection
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow}