1. Technical Field
The present inventive concept relates generally to the field of computers and computer devices. More particularly, the present inventive concept relates to a method and apparatus for controlling access to component object model (COM) objects by providing an improved COM object handling mechanism.
2. Description of Related Art
The component object model (COM) allows different software components to interact with each other. COM is a widely used technology and allows, for example, a spreadsheet created by Microsoft™ EXCEL™ to be embedded within a document in Microsoft™ WORD™. As a platform-independent, distributed, object-oriented system, COM is a useful tool for creating binary software components that can interact. In particular, COM is a foundation for Microsoft's OLE technology with respect to compound documents (like the WORD and EXCEL example above) and for ActiveX technology for Internet-enabled components.
In Microsoft™ Windows™, as in many operating systems, the security model applies access privileges based on the user's account. The operating system may define privilege levels appropriate to different classes, or groups, of users, and then apply the privileges of the relevant class or group to the particular logged-in user (e.g., ordinary user, super-user, local administrator, system administrator and so on). The user is authenticated by logging in to the computer device, and the user, via their previously prepared security account, acts as a security principal in the security model. The operating system then grants the appropriate privileges to the processes which execute in that user's security context.
It is desirable to implement a least-privilege access model, whereby each user is granted the minimal set of access privileges which is just sufficient for the user's desired processes to operate on the computer device. However, in practice, many application programs require a relatively high privilege level, such as the local administrator level, in order to install and operate correctly. Hence, there is a widespread tendency to grant additional privilege rights, such as the local administrator level, and thus user processes gain greater access to the resources of the computer device than is desirable or appropriate from a security viewpoint. For example, these additional privilege rights may then enable accidental tampering with key resources of the computer device, leading to errors or corruption within the device. Further, a particular user process (e.g. an infection or malware) may maliciously access key resources of the computer device with the deliberate intention of subverting security or causing damage.
Therefore, there is a need to provide a mechanism which allows the least-privilege principle to be implemented while still enabling the desired, legitimate processes to execute on the computer device by accessing COM objects created under the component object model. In particular, there is a need to enable effective higher-level access rights, such as would be equivalent to local administrator rights, without compromising the security of the computer device.
The example embodiments have been provided with a view to addressing at least some of the difficulties that are encountered in current computer devices, whether those difficulties have been specifically mentioned above or will otherwise be appreciated from the discussion herein.