Application
While processes inherit the integrity level of the process that spawned it, the integrity level can be customized at the time of process creation. As well as for defining the boundary for window messages in the User Interface Privilege Isolation technology, Mandatory Integrity Control is used by applications like Windows Explorer, Internet Explorer, Google Chrome and Adobe Reader to isolate documents from vulnerable objects in the system.
Internet Explorer 7 introduces a MIC-based "Protected Mode" setting to control whether a web page is opened as a low-integrity process or not (provided the operating system supports MIC), based on security zone settings, thereby preventing some classes of security vulnerabilities. Since Internet Explorer in this case runs as a Low IL process, it cannot modify system level objects—file and registry operations are instead virtualized. Adobe Reader 10 and Google Chrome are two other notable applications that are introducing the technology in order to reduce their vulnerability to malware.
However, in some cases a higher IL process do need to execute certain functions against the lower IL process, or a lower IL process need to access resources that only a higher IL process can access (for example, when viewing a webpage in protected mode, save a file downloaded from the internet to a folder specified by the user). High IL and Low IL processes can still communicate with each other by using files, Named pipes, LPC or other shared objects. The shared object must have an integrity level as low as the Low IL process and should be shared by both the Low IL and High IL processes. Since MIC does not prevent a Low IL process from sharing objects with a higher IL process, it can trigger flaws in the higher IL process and have it work on behalf of the low IL process, thereby causing a Squatting attack. Shatter attacks, however, can be prevented by using User Interface Privilege Isolation which takes advantage of MIC.
Read more about this topic: Mandatory Integrity Control
Famous quotes containing the word application:
“The receipt to make a speaker, and an applauded one too, is short and easy.—Take of common sense quantum sufficit, add a little application to the rules and orders of the House, throw obvious thoughts in a new light, and make up the whole with a large quantity of purity, correctness, and elegancy of style.”
—Philip Dormer Stanhope, 4th Earl Chesterfield (1694–1773)
“Courage is resistance to fear, mastery of fear—not absence of fear. Except a creature be part coward it is not a compliment to say it is brave; it is merely a loose application of the word. Consider the flea!—incomparably the bravest of all the creatures of God, if ignorance of fear were courage.”
—Mark Twain [Samuel Langhorne Clemens] (1835–1910)
“Science is intimately integrated with the whole social structure and cultural tradition. They mutually support one other—only in certain types of society can science flourish, and conversely without a continuous and healthy development and application of science such a society cannot function properly.”
—Talcott Parsons (1902–1979)