Application
While processes inherit the integrity level of the process that spawned it, the integrity level can be customized at the time of process creation. As well as for defining the boundary for window messages in the User Interface Privilege Isolation technology, Mandatory Integrity Control is used by applications like Windows Explorer, Internet Explorer, Google Chrome and Adobe Reader to isolate documents from vulnerable objects in the system.
Internet Explorer 7 introduces a MIC-based "Protected Mode" setting to control whether a web page is opened as a low-integrity process or not (provided the operating system supports MIC), based on security zone settings, thereby preventing some classes of security vulnerabilities. Since Internet Explorer in this case runs as a Low IL process, it cannot modify system level objects—file and registry operations are instead virtualized. Adobe Reader 10 and Google Chrome are two other notable applications that are introducing the technology in order to reduce their vulnerability to malware.
However, in some cases a higher IL process do need to execute certain functions against the lower IL process, or a lower IL process need to access resources that only a higher IL process can access (for example, when viewing a webpage in protected mode, save a file downloaded from the internet to a folder specified by the user). High IL and Low IL processes can still communicate with each other by using files, Named pipes, LPC or other shared objects. The shared object must have an integrity level as low as the Low IL process and should be shared by both the Low IL and High IL processes. Since MIC does not prevent a Low IL process from sharing objects with a higher IL process, it can trigger flaws in the higher IL process and have it work on behalf of the low IL process, thereby causing a Squatting attack. Shatter attacks, however, can be prevented by using User Interface Privilege Isolation which takes advantage of MIC.
Read more about this topic: Mandatory Integrity Control
Famous quotes containing the word application:
“I conceive that the leading characteristic of the nineteenth century has been the rapid growth of the scientific spirit, the consequent application of scientific methods of investigation to all the problems with which the human mind is occupied, and the correlative rejection of traditional beliefs which have proved their incompetence to bear such investigation.”
—Thomas Henry Huxley (1825–95)
“We will not be imposed upon by this vast application of forces. We believe that most things will have to be accomplished still by the application called Industry. We are rather pleased, after all, to consider the small private, but both constant and accumulated, force which stands behind every spade in the field. This it is that makes the valleys shine, and the deserts really bloom.”
—Henry David Thoreau (1817–1862)
“By an application of the theory of relativity to the taste of readers, to-day in Germany I am called a German man of science, and in England I am represented as a Swiss Jew. If I come to be regarded as a bête noire the descriptions will be reversed, and I shall become a Swiss Jew for the Germans and a German man of science for the English!”
—Albert Einstein (1879–1955)