For a number of reasons, data is marshaled on a computing device from a source process to a target process. At times, the source process may marshal data to the target process through an intermediate process. When the intermediate process is not trusted, a mechanism for marshaling data between processes in an efficient and secure manner is desired. Ideally, the mechanism would use resources efficiently and prevent an untrusted intermediate process from accessing marshaled data.
One solution to this problem is the use of cryptography. Cryptography provides a mechanism for securely transmitting data along an untrusted channel. However, the security of a cryptographic system depends entirely on its keys. In some operating systems, including, but not limited to, Windows® (Windows is a registered trademark of Microsoft Corporation of Redmond, Wash.) operating systems, the key management system provided by the operating system largely depends on the identity of a process. If trusted processes and untrusted processes execute under one user, then the trusted processes and the untrusted processes may have access to the same keys. As a result, in order to effectively use cryptography to secure data from the untrusted processes, a secure key management system, separate from the key management system of the operating system, may be developed and employed.
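The shared-key problem described above can be observed with the Windows Data Protection API (DPAPI), shown here as an added example that is not part of the original text. DPAPI is assumed as a representative operating-system key service, `$separateKey` is a hypothetical stand-in for a key issued by a separate key manager, and the payload is a constructed sample.

```powershell
Add-Type -AssemblyName System.Security   # loads the ProtectedData (DPAPI) wrapper

$payload = [Text.Encoding]::UTF8.GetBytes('constructed sample payload')
$scope   = [Security.Cryptography.DataProtectionScope]::CurrentUser

# Hypothetical key from a separate key manager; it is never handed to the
# intermediate process. DPAPI's optional-entropy parameter carries it here.
$separateKey = New-Object byte[] 32
[Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($separateKey)

# Source process: one blob bound only to the user identity, one also bound
# to the separately managed key.
$userOnly = [Security.Cryptography.ProtectedData]::Protect($payload, $null, $scope)
$withKey  = [Security.Cryptography.ProtectedData]::Protect($payload, $separateKey, $scope)

# Intermediate process: Start-Job runs this in a separate PowerShell process
# under the same user, so it holds the user's DPAPI key but not $separateKey.
$intermediary = {
    param($b64)
    Add-Type -AssemblyName System.Security
    try {
        $plain = [Security.Cryptography.ProtectedData]::Unprotect(
            [Convert]::FromBase64String($b64), $null, 'CurrentUser')
        'READ:   ' + [Text.Encoding]::UTF8.GetString($plain)
    } catch {
        'DENIED: ' + $_.Exception.Message
    }
}

foreach ($blob in $userOnly, $withKey) {
    Start-Job -ScriptBlock $intermediary -ArgumentList ([Convert]::ToBase64String($blob)) |
        Receive-Job -Wait -AutoRemoveJob
}

# Target process: holds $separateKey and recovers the payload.
$plain = [Security.Cryptography.ProtectedData]::Unprotect($withKey, $separateKey, $scope)
[Text.Encoding]::UTF8.GetString($plain)
```

The first blob is readable by the same-user intermediary because only the user identity gates the key; the second is not, which is the property a key management system separate from the operating system's is meant to provide.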
Other solutions avoid marshaling data through an untrusted channel by either validating trust of an intermediate process, or by marshaling connection information, such that a direct channel may be established without passing data through an untrusted intermediate process.