Protected Mode in Vista IE7


Microsoft Windows Vista introduced an enhanced security model that we were able to build on in Vista's version of IE7. I want to tell you about a new major IE defense-in-depth security feature called Protected Mode. Defense in depth is a security principle that a system should provide multiple layers of defense, in case one layer is ever breached. Protected Mode takes advantage of three key new technologies in Vista's security model:

* User Account Control (UAC), which implements the Principle of Least Privilege.

UAC will help users run Vista without requiring administrator privileges to be productive. Administrators can also run most applications with a limited privilege, but have "elevation potential" for specific administrative tasks and application functions.

* Mandatory Integrity Control (MIC), a model in which data can be configured to prevent lower-integrity applications from accessing it. The primary integrity levels are Low, Medium, High, and System. Processes are assigned an integrity level in their access token. Securable objects such as files and registry keys have a new mandatory access control entry (ACE) in the System Access Control List (ACL).

* User Interface Privilege Isolation (UIPI) blocks lower-integrity from accessing higher-integrity processes. For example, a lower-integrity process cannot send window messages or hook or attach to higher priority processes This helps protect against "shatter attacks." A shatter attack is when one process tries to elevate privileges by injecting code into another process using windows messages. IEBlog : Protected Mode in Vista IE7

Linked by shanmuga Friday, 10th February 2006 7:15AM