Data structures describing the state and resource ownership of processes are typically maintained by an operating environment or operating system (OS) to enable control over these processes. Typically, the data structure representing a process is centrally managed by the OS to characterize how the process is running. For example, the OS may assign certain security levels and/or priority settings to a process via the data structure according to registered information of a user account, authorization credentials or other applicable configurations.
For example, the OS can assign a security (or authorization) level to a process. Multiple processes working cooperatively to perform a task may have to run with different levels of privilege that are independent of the task. As a result, certain services running as daemon processes may be assigned as uber processes with a high level of authorization capability to accommodate requests from a wide variety of applications or processes. When hijacked, these uber processes may pose security risks for the system.
Capability-based security models have been implemented in operating systems to improve system security, such as Hydra from Carnegie Mellon University and Capsicum in the FreeBSD operating system. Hydra was a microkernel based on IPC (inter-process communication) ports and messaging, with a mechanism for passing a single un-spoofable capability along with each message. However, the capabilities in Hydra were specific to the task being requested during an IPC, and user code had to provide the specific capability needed for a given operation. There is no concept of adoption in a Hydra-based system. Hydra and other true capability-based systems have to pass specific capabilities to authorize each request independently.
Capsicum adds finer-grained capabilities and sandboxes to the FreeBSD operating system. However, the capabilities in Capsicum are represented as finer-grained, access-controlled file descriptors. In Capsicum, “angel” processes are used to create file descriptors that a first process is otherwise not allowed to access and pass them back via IPC to the first process. There is no concept in Capsicum of passing around a data structure to be adopted so as to alter future authorizations.
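The two properties the preceding paragraphs attribute to true capability systems (every request is authorized solely by the capability presented with it, and a sandboxed process cannot reach a resource except through a handle created and passed to it by a more privileged broker) can be shown with a small model. The following is an added illustration written for this page; it is not code from Hydra, Capsicum or the document, and the `Kernel`, `Capability` and `CapabilityDenied` names, the in-memory "filesystem" and the rights vocabulary are assumptions of the model rather than any real OS API.

```python
import secrets


class Capability:
    """Opaque, unforgeable handle.  Authority comes only from the kernel table
    entry keyed by the handle's random id, never from anything the holder can
    construct itself (assumed model, not a real kernel object)."""
    __slots__ = ("cid",)

    def __init__(self, cid=None):
        self.cid = cid if cid is not None else secrets.token_hex(16)


class CapabilityDenied(PermissionError):
    pass


class Kernel:
    def __init__(self, files):
        self._files = dict(files)        # path -> content (constructed "filesystem")
        self._table = {}                 # cid -> (path, frozenset of rights)
        self.in_capability_mode = set()  # processes that entered the sandbox

    def open_by_path(self, proc, path, rights):
        """Ambient authority: opening by name is refused once a process is sandboxed."""
        if proc in self.in_capability_mode:
            raise CapabilityDenied(f"{proc}: no ambient authority in capability mode")
        cap = Capability()
        self._table[cap.cid] = (path, frozenset(rights))
        return cap

    def limit(self, cap, rights):
        """Derive a new handle carrying a subset of the original handle's rights."""
        path, have = self._lookup(cap)
        if not set(rights) <= have:
            raise CapabilityDenied("a derived capability cannot widen rights")
        new = Capability()
        self._table[new.cid] = (path, frozenset(rights))
        return new

    def enter_sandbox(self, proc):
        self.in_capability_mode.add(proc)

    def _lookup(self, cap):
        try:
            return self._table[cap.cid]
        except KeyError:
            raise CapabilityDenied("unknown capability (forged or revoked)") from None

    def invoke(self, cap, op, data=None):
        """Each request is authorized solely by the capability presented with it."""
        path, rights = self._lookup(cap)
        if op not in rights:
            raise CapabilityDenied(f"{op} is not permitted by this capability")
        if op == "read":
            return self._files[path]
        if op == "write":
            self._files[path] = data
            return len(data)
        raise ValueError(op)


def demo():
    """Broker opens a file with ambient authority, narrows it to read-only and hands
    it to a sandboxed worker; the worker can use exactly that handle and nothing else."""
    k = Kernel({"/etc/config": "mode=safe", "/var/log/app": ""})
    full = k.open_by_path("broker", "/etc/config", {"read", "write"})
    ro = k.limit(full, {"read"})
    k.enter_sandbox("worker")
    results = {"read": k.invoke(ro, "read")}
    attempts = {
        "write": lambda: k.invoke(ro, "write", "mode=unsafe"),     # right not in handle
        "open": lambda: k.open_by_path("worker", "/var/log/app", {"write"}),  # no ambient authority
        "forged": lambda: k.invoke(Capability("0" * 32), "read"),   # id not in kernel table
        "widen": lambda: k.limit(ro, {"read", "write"}),            # cannot add rights
    }
    for name, attempt in attempts.items():
        try:
            attempt()
            results[name] = "allowed"
        except CapabilityDenied:
            results[name] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is that the worker's authority is exactly the set of handles it was given: there is no process-wide level that a later request could inherit, which is why each request in such a system must carry its own capability.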
Further, execution priorities pre-assigned to multiple processes interacting with each other to accomplish a task may not be consistent with the intended importance of the task. It is common to run more than one process together to complete an action requested by an interactive user, who may expect a snappy response for the action regardless of how many different processes of various priorities are involved. However, executing processes based on pre-assigned priorities may result in delayed responses to the user, because processes with high priorities that are not related to the action are more likely to be scheduled for processor cycle time.
Furthermore, when an OS runtime detects that execution of a thread is blocked, it may raise the execution priority of certain processes (e.g. daemons) randomly, passively waiting for a resolution that allows the blocked thread to execute. Typically, the threads of a whole process have their priorities raised together, regardless of what operations or tasks each thread is executing. Often, threads working on unimportant tasks may get priority for execution when execution conflicts occur. As a result, the responsiveness of the overall system may be adversely affected.
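The delay described in the two preceding paragraphs can be made concrete with a strict-priority scheduler run over a constructed workload. The simulation below is an added example for this page, not code from any operating system or from the document; the thread names, priorities and work amounts are made up, and the three policies (`static`, `process`, `thread`) are the model's own labels for pre-assigned priorities, raising every thread of a process that serves the request, and raising only the threads actually doing the request's work.

```python
from dataclasses import dataclass


@dataclass
class Thread:
    name: str          # "process.thread"
    priority: int      # larger value runs first
    work: int          # processor slices still needed
    for_action: bool   # True if this thread's work is part of the user's request


# Constructed sample workload (not measurements from any real system): the
# interactive request needs app.main and helper.request; the other two
# threads are unrelated background work that happens to outrank the helper.
REQUESTER_PRIORITY = 40
THREADS = [
    Thread("app.main", 40, 2, True),
    Thread("helper.request", 10, 3, True),
    Thread("helper.housekeeping", 10, 4, False),
    Thread("indexer.scan", 30, 5, False),
]


def process_of(t):
    return t.name.split(".")[0]


def effective_priority(t, policy, action_processes):
    """Priority the scheduler actually uses under each (hypothetical) policy."""
    if policy == "static":      # pre-assigned priorities, nothing propagates
        return t.priority
    if policy == "process":     # whole process raised when any of its threads serves the request
        return max(t.priority, REQUESTER_PRIORITY) if process_of(t) in action_processes else t.priority
    if policy == "thread":      # only the threads doing the request's work are raised
        return max(t.priority, REQUESTER_PRIORITY) if t.for_action else t.priority
    raise ValueError(policy)


def simulate(threads, policy):
    """Strict-priority scheduler: each tick runs the runnable thread with the
    highest effective priority (ties broken by name).  Returns finish tick per thread."""
    remaining = {t.name: t.work for t in threads}
    action_processes = {process_of(t) for t in threads if t.for_action}
    prio = {t.name: effective_priority(t, policy, action_processes) for t in threads}
    done_at, tick = {}, 0
    while remaining:
        name = min(remaining, key=lambda n: (-prio[n], n))
        tick += 1
        remaining[name] -= 1
        if remaining[name] == 0:
            del remaining[name]
            done_at[name] = tick
    return done_at


def response_time(done_at, threads=THREADS):
    """Tick at which the last thread serving the user's request finished."""
    return max(done_at[t.name] for t in threads if t.for_action)


if __name__ == "__main__":
    for policy in ("static", "process", "thread"):
        print(policy, response_time(simulate(THREADS, policy)))
```

With static priorities the unrelated `indexer.scan` runs ahead of `helper.request`, so the user waits 14 ticks; raising the whole helper process also promotes its housekeeping thread and the request completes at tick 9; raising only the request-serving thread completes it at tick 5. The gap between the last two numbers is the cost of the per-process raise described above.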
Furthermore, a process may request a power assertion to prevent a system from entering a sleep state while certain operations are performed. Subsequently, the process can issue a release to remove the power assertion. However, tracking when these operations are completed in order to issue the release may be difficult. For example, the operations may fan out to multiple processes or daemons running asynchronously, adding significant complexity to managing the power assertion requests. As a result, the system may enter a sleep state unexpectedly and/or remain in a high power state unintentionally.
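Both failure modes named in the preceding paragraph can be reproduced by replaying a constructed timeline of one request that fans out to two daemons. The code below is an added example for this page and not the document's own mechanism: `PowerAssertion` is an assumed reference-counted model in which every asynchronous continuation retains the assertion and releases it when it finishes, and the timeline, actor names and tick values are made up.

```python
from dataclasses import dataclass


@dataclass
class PowerAssertion:
    """Reference-counted assertion (assumed model): the system is kept awake
    while count > 0.  Each asynchronous continuation is expected to retain()
    when it takes over work and release() when that work is done."""
    count: int = 0

    def retain(self):
        self.count += 1

    def release(self):
        if self.count <= 0:
            raise RuntimeError("release without matching retain")
        self.count -= 1

    def held(self):
        return self.count > 0


# Constructed timeline of one user request: (tick, actor, event).  The
# originating app finishes its own part at tick 2 but has handed work to
# two daemons that complete later.  Ticks are arbitrary, not measurements.
TIMELINE = [
    (0, "app", "start"),
    (1, "app", "fanout:daemonA"),
    (1, "app", "fanout:daemonB"),
    (2, "app", "finish"),
    (5, "daemonA", "finish"),
    (9, "daemonB", "finish"),
]


def first_sleep_opportunity(timeline, per_continuation, leaked=frozenset()):
    """Replay the timeline and return (tick at which the assertion first drops,
    work items still outstanding at that tick).

    per_continuation=False: the originating process holds one assertion and
        releases it when its own work ends (daemons are not tracked).
    per_continuation=True:  every fanned-out continuation carries a reference.
    leaked: actors that forget to release (models a daemon that never issues
        the release, so the system stays in a high power state)."""
    assertion = PowerAssertion()
    outstanding = set()
    for tick, actor, event in timeline:
        if event == "start":
            outstanding.add(actor)
            assertion.retain()
        elif event.startswith("fanout:"):
            child = event.split(":", 1)[1]
            outstanding.add(child)
            if per_continuation:
                assertion.retain()
        elif event == "finish":
            outstanding.discard(actor)
            if (actor == "app" or per_continuation) and actor not in leaked:
                assertion.release()
            if not assertion.held():
                return tick, sorted(outstanding)
    return None, sorted(outstanding)   # never dropped: system never allowed to sleep


if __name__ == "__main__":
    print("single assertion:", first_sleep_opportunity(TIMELINE, False))
    print("per continuation:", first_sleep_opportunity(TIMELINE, True))
    print("leaked release:  ", first_sleep_opportunity(TIMELINE, True, {"daemonB"}))
```

With a single assertion owned by the originating process, the system may sleep at tick 2 while both daemons still have work (the unexpected-sleep case); with a reference per continuation it may sleep only at tick 9, when the last daemon finishes; and if one daemon never releases its reference the assertion is never dropped, which is the high-power-state case. The reference-per-continuation scheme fixes the first problem only if every continuation is disciplined about the release, which is exactly the tracking burden the paragraph describes.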
Thus, existing mechanisms for process or task management in an operating environment tend to be statically constrained, and inefficient and ineffective at dynamically distributing characteristics of processes between each other.