Authorizing lower privilege users to invoke privileged calls

Solutions for enabling lower privilege users (e.g., applications, virtualized computing environment applications such as virtual machines or containers) to perform requests for service (e.g., remote procedure calls) that require higher privilege include: receiving, by a relay service executing at a...

Full description

Saved in:
Bibliographic Details
Main Authors Lemke, David, Kumar, Ravindra
Format Patent
LanguageEnglish
Published 18.06.2024
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:Solutions for enabling lower privilege users (e.g., applications, virtualized computing environment applications such as virtual machines or containers) to perform requests for service (e.g., remote procedure calls) that require higher privilege include: receiving, by a relay service executing at a first privilege level, from an application executing at a lower privilege level, a received request for service. The first privilege level is sufficient for the request, however, the application's privilege level is insufficient. The relay service determines whether the application is authorized to perform the request by comparing the application identity and the request with privilege exception information (e.g., a list of application identities and corresponding requests that are subject to privilege exception). If the application's request is authorized, the relay service relays the request (e.g., as a hypercall) to a destination service at the relay's service own privilege level and then relays the received response back to the application.
Bibliography:Application Number: US202217751279