User Interface Privilege Isolation (UIPI) is a technology introduced in Windows Vista and Windows Server 2008 to combat shatter attack exploits. By making use of Mandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages).[1]

Window messages are designed to communicate user action to processes. However, they can be used to run arbitrary code in the receiving process' context. This could be used by a malicious low-privilege processes to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorized privilege escalation. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks.[2]

UIPI, and Mandatory Integrity Control more generally, is a security feature but not a security boundary.[3]

Microsoft Office 2010 uses UIPI for its Protected View sandbox to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.[4]

References

edit
  1. ^ "The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)". Microsoft. April 2007. Retrieved 2007-12-07.
  2. ^ Edgar Barbosa. "Windows Vista UIPI" (PDF). COSEINC. Archived from the original (PDF) on 2012-04-18. Retrieved 2012-04-18.
  3. ^ "Microsoft Security Servicing Criteria for Windows". Microsoft.
  4. ^ Malhotra, Mike (August 13, 2009). "Protected View in Office 2010". TechNet. Microsoft. Retrieved September 22, 2017.

📚 Artikel Terkait di Wikipedia

User Account Control

higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes

Shatter attack

Windows 10 Creators Update. User Interface Privilege Isolation Mandatory Integrity Control Principle of least privilege Capability-based security "Exploiting

Mandatory Integrity Control

well as for defining the boundary for window messages in the User Interface Privilege Isolation (UIPI) technology, Mandatory Integrity Control is used by

System Integrity Protection

engineering (security) Trusted Computing Trusted Solaris User Account Control User Interface Privilege Isolation Windows File Protection Cunningham, Andrew; Hutchinson

Adobe Acrobat version history

is the first application written by Adobe Systems for the Metro Style interface. The current versions offers only basic PDF reading features, subsequent

Microsoft Office 2010

later versions of Windows, Mandatory Integrity Control and User Interface Privilege Isolation further restrict the separate process. Protected View is also

Linux namespaces

machine or other containers. User namespaces are a critical security feature designed to provide both privilege isolation and user identification segregation

Operating system

a graphical user interface (GUI) was Apple's Macintosh. The GUI proved much more user friendly than the text-only command-line interface of earlier operating