- Patent Title: Protecting a computer device from escalation of privilege attacks
- Application No.: US16382578
- Application Date: 2019-04-12
- Publication No.: US11321455B2
- Publication Date: 2022-05-03
- Inventor: John Goodridge, Thomas Couser
- Applicant: Avecto Limited
- Applicant Address: GB Manchester
- Assignee: Avecto Limited
- Current Assignee: Avecto Limited
- Current Assignee Address: GB Manchester
- Agency: Morris, Manning & Martin, LLP
- Agent: Daniel E. Sineway; Adam J. Thompson
- Priority: GB1806289 20180418
- Main IPC: G06F21/00
- IPC: G06F21/00; G06F21/55; G06F9/445

Abstract:
A computer device has a kernel driver in a kernel mode of the operating system which records an access token as initially associated with a user process. Later, the user process presents its access token when requesting certain operations through the operating system. The kernel driver detects that the user process has been subject to an escalation of privilege attack by evaluating the access token in its presented form as against the initially recorded access token and, in response, performs a mitigation action such as suspending the user process.
Public/Granted literature:
- US20190325133A1 Protecting a Computer Device From Escalation of Privilege Attacks (Public/Granted day: 2019-10-24)