17965541. AUTOMATIC ACCESS CONTROL OF CALLS MADE OVER NAMED PIPES WITH OPTIONAL CALLING CONTEXT IMPERSONATION simplified abstract (Dell Products L.P.)

From WikiPatents
Revision as of 05:42, 26 April 2024 by Wikipatents (talk | contribs) (Creating a new page)

AUTOMATIC ACCESS CONTROL OF CALLS MADE OVER NAMED PIPES WITH OPTIONAL CALLING CONTEXT IMPERSONATION

Organization Name

Dell Products L.P.

Inventor(s)

Daniel Thomas Daugherty of Plano TX (US)

Ricardo Antonio Ruiz of The Colony TX (US)

AUTOMATIC ACCESS CONTROL OF CALLS MADE OVER NAMED PIPES WITH OPTIONAL CALLING CONTEXT IMPERSONATION - A simplified explanation of the abstract

This abstract first appeared for US patent application 17965541 titled 'AUTOMATIC ACCESS CONTROL OF CALLS MADE OVER NAMED PIPES WITH OPTIONAL CALLING CONTEXT IMPERSONATION'.

Simplified Explanation

The patent application describes systems and methods for automatically filtering privileged methods from unprivileged methods to prevent unauthorized access to privileged methods by consumer applications on an information handling system.

  • Identifying unprivileged methods within an original implementation class of an elevated publisher software application that are eligible to be shared with an unelevated consumer software application via a named pipe.
  • Implementing a dynamic publisher object on the elevated publisher software application and an intermediary dynamic consumer proxy class on the unelevated consumer software application to restrict access to privileged methods within the original implementation class.

Potential Applications

This technology could be applied in secure software development, where sensitive methods need to be protected from unauthorized access by lower privilege level applications.

Problems Solved

This technology addresses the issue of unauthorized access to privileged methods by consumer applications, enhancing the security and integrity of the software system.

Benefits

The system provides a mechanism to control access to privileged methods, ensuring that only authorized applications can utilize sensitive functionality within the software.

Potential Commercial Applications

One potential commercial application of this technology could be in the development of secure communication software, where encryption and decryption methods need to be protected from unauthorized access.

Possible Prior Art

Possible prior art for this technology includes the use of access control lists in operating systems to restrict access to certain system resources based on user privileges.

Unanswered Questions

How does this technology impact software performance?

This article does not delve into the potential performance implications of implementing the described filtering mechanism. It would be interesting to know if there are any performance overheads associated with this approach.

Are there any potential vulnerabilities in this filtering mechanism?

The article does not discuss any potential weaknesses or vulnerabilities that could be exploited to bypass the filtering of privileged methods. It would be important to understand the robustness of this system against potential attacks.


Original Abstract Submitted

Systems and methods are provided for automatically filtering privileged methods from unprivileged methods, and thus preventing privileged methods from being available to an unelevated consumer application executing on an information handling system. Filtering privileged methods from unprivileged methods may be performed, for example, by identifying any unprivileged method/s within an original implementation class of an elevated publisher software application that are eligible to be exposed to (e.g., shared with) an unelevated consumer software application via a named pipe, and implementing a corresponding dynamic publisher object on the elevated publisher software application and an intermediary dynamic consumer proxy class on the unelevated consumer software application to prevent the unelevated consumer software application from calling any other methods (e.g., privileged method/s) within the original implementation class of the elevated publisher software application that are not so identified as being eligible to be exposed to the unelevated consumer software application.
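
The filtering idea in the simplified explanation and the abstract above, as an added sketch that is not code from the patent application or from Dell: the elevated publisher builds an allowlist from the implementation class and refuses every other method name, so the restriction holds even if the consumer bypasses its proxy and writes raw messages to the pipe. Assumptions: the names `exposed`, `DiskService`, `Publisher` and `ConsumerProxy`, the JSON message format, and an in-process function standing in for the named pipe are all hypothetical; calling context impersonation is not modeled.

```python
import json

def exposed(fn):
    """Mark a method as eligible to be shared with the unelevated consumer."""
    fn._exposed = True
    return fn

class DiskService:
    """Hypothetical 'original implementation class' in the elevated process."""
    @exposed
    def get_free_space(self, drive):
        return {"C:": 1024}.get(drive, 0)   # constructed sample data

    def format_drive(self, drive):          # privileged: deliberately not marked
        return "formatted " + drive

class Publisher:
    """Elevated side: dispatches only methods on the allowlist built from the class."""
    def __init__(self, impl):
        self._impl = impl
        self.allowed = frozenset(
            name for name, attr in vars(type(impl)).items()
            if callable(attr) and getattr(attr, "_exposed", False))

    def handle(self, raw):
        """Process one request message as read from the pipe; return the reply bytes."""
        try:
            req = json.loads(raw)
            name, args = req["method"], req.get("args", [])
        except (ValueError, KeyError, TypeError, AttributeError):
            return json.dumps({"error": "bad request"}).encode()
        # Enforced here, not in the proxy: the consumer can write raw bytes to the pipe.
        if not isinstance(name, str) or name not in self.allowed or not isinstance(args, list):
            return json.dumps({"error": "denied"}).encode()
        try:
            return json.dumps({"result": getattr(self._impl, name)(*args)}).encode()
        except Exception:
            return json.dumps({"error": "call failed"}).encode()

class ConsumerProxy:
    """Unelevated side: offers only the shared method names and forwards calls."""
    def __init__(self, send, methods):
        self._send, self._methods = send, frozenset(methods)

    def __getattr__(self, name):
        if name.startswith("_") or name not in self._methods:
            raise AttributeError(name)
        def call(*args):
            reply = json.loads(self._send(json.dumps({"method": name, "args": list(args)}).encode()))
            if "error" in reply:
                raise PermissionError(reply["error"])
            return reply["result"]
        return call
```

The proxy is a convenience for the consumer; the security boundary is the allowlist check in `Publisher.handle`, which also rejects dunder names such as `__init__` because they are never marked.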