In many computer implementations, it is desirable to limit access to information based upon accessibility level. This is especially true in a government context. For example, in a government security implementation, it is quite desirable, and most likely required, for top secret information to be accessible only by users and processes having the proper accessibility or clearance level (e.g. top secret clearance or above). It may also be desirable for users and processes having high clearance levels to be able to access information at lower levels (e.g. users and processes with top secret clearance can access need-to-know and public information). In order to implement such controls, one or more mechanisms need to be put in place to check the clearance levels of the users, processes, and information, and to determine whether certain accesses should be allowed. These mechanisms need to ensure that all possible sharing of information by processes are taken into account. If any potential sharing channel is missed, then that sharing channel may be the source of a security breach.
A windowing service of a computer system is a potential security breach. A windowing service is typically used by all of the processes in a computer system to perform windowing actions (e.g. drawing a window, putting content into a window, etc.). By invoking a windowing service, it is possible for a process to associate information with a display window. It is also possible for a process to invoke the windowing service to access information that was previously associated with the window, whether that information was provided by the requesting process or another process. Because of this ability to provide previously associated information, a windowing service can be used by a process as a mechanism for obtaining information provided by other processes. That being the case, unless the windowing service is endowed with capability to enforce accessibility restrictions, the windowing service can be exploited by a process to create a security breach.