An operating system, when executed, may include a plurality of operating system services to perform system-related functions. For example, operating system services may be configured to provide system-level support, such as a system event log, a task scheduler, telephony, and so on. Thus, operating system services may provide the “backbone” of an operating system and provide functionality that is critical to the execution of the operating system.
A variety of different types of operating system services may be executed on a computing device. A first type of operating system service is a non-interactive service, which is configured for execution without user interaction. For instance, a non-interactive service may be executed without providing a user interface. A second type of operating system service is a user-interactive service, which does provide for interaction with the user, such as by providing a user interface.
Typically, operating system services are executed by the operating system in an elevated security context, such as “LocalSystem”, and therefore have high privileges in the execution of the operating system. Privileges define rights to perform specific tasks. For example, a “high” privilege may define a right to perform tasks that affect operation of an entire computer system, while a “low” privilege may define a right to interact with a particular programming object. Because some operating system services are user-interactive, however, a malicious user may utilize the user-interactive services to run malicious code at a higher privilege than would otherwise be possible and therefore attack the operation of a computing device which executes the operating system.
An operating system, for instance, may provide an interactive desktop that acts as a security boundary such that any application executed on the interactive desktop can interact with any window that is provided on the interactive desktop, even if that window is invisible. Consequently, a user-interactive service that opens a window on the interactive desktop exposes itself to applications executed by any logged-on user, even a malicious user. For instance, a user-interactive service which provides a window in the interactive desktop may be utilized to elevate code written by the malicious user to the elevated security context of that service. As a result, the code, when elevated, may attack and take control of the user-interactive service to disrupt execution of the operating system.
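The exposure described above can be audited from service configuration. The following is an added example, not part of the original text: it scans the decoded text of a registry export of the Services key and reports services that are both desktop-interactive and run as “LocalSystem”. It assumes the Windows conventions that a service's `Type` value carries the `SERVICE_INTERACTIVE_PROCESS` bit (0x100) and that `ObjectName` holds the service account; the function names and the sample data are constructed for illustration.

```python
import re

SERVICE_WIN32 = 0x10 | 0x20          # own-process or shared-process service
SERVICE_INTERACTIVE_PROCESS = 0x100  # service may interact with the desktop
PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DemoTray]
"Type"=dword:00000110
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DemoTray\Parameters]
"Type"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DemoLogger]
"Type"=dword:00000020
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DemoHelper]
"Type"=dword:00000110
"ObjectName"="NT AUTHORITY\\LocalService"
'''  # constructed sample in .reg export format; the service names are made up


def parse_services(reg_text):
    """Map each service name to the values directly under its key (nested keys skipped)."""
    services, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            name = name[len(PREFIX):] if name.upper().startswith(PREFIX.upper()) else ""
            current = services.setdefault(name, {}) if name and "\\" not in name else None
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1).lower()] = m.group(2)
    return services


def interactive_localsystem(reg_text):
    """Names of Win32 services that are desktop-interactive and run as LocalSystem."""
    flagged = []
    for name, values in parse_services(reg_text).items():
        m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", values.get("type", ""))
        svc_type = int(m.group(1), 16) if m else 0
        account = values.get("objectname", "").strip('"').lower()
        if (svc_type & SERVICE_WIN32 and svc_type & SERVICE_INTERACTIVE_PROCESS
                and account == "localsystem"):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print(interactive_localsystem(SAMPLE))
```

Each name it returns is a service whose window, if opened on the interactive desktop, is reachable by any application running there, so those services are the ones to review first.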
Accordingly, there is a continuing need for systems and methods that afford security for operating system services provided through execution of an operating system.