Process control software security architecture based on least privileges

摘要

A computer device 220 comprising an operating system that executes according to configuration data to implement service processes 260 and desktop applications 258, the service processes being run to provide services to the applications. The OS executes to enforce a service namespace 250, which executes the service processes, that is separate from a desktop namespace 252, which executes the applications, and where all processes implemented in the service namespace must communicate with processes in the desktop namespace via inter-process communications 292. Privileges of the applications, which may not include admin privileges or be elevated, can be set separately from the privileges of user accounts, and can all be set the same privileges independently of the user accounts. There may also be local memory, which the applications are prevented from writing service files or folders too, as well as a user interface wherein the service processes are prohibited from accessing the desktop.