User Interface Privilege Isolation


User Interface Privilege Isolation

User Interface Privilege Isolation (UIPI) is a technology introduced in Windows Vista and Windows Server 2008 to combat code injection exploits. By leveraging Mandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages).cite web
url=http://msdn2.microsoft.com/en-us/library/aa905330.aspx
title=The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)
publisher=Microsoft
date=April 2007
accessdate=2007-12-07
] Window messages are designed to communicate user action to processes; however they can be used maliciously to trigger flaws in the receiving process to run arbitrary code in its context. If a low IL process can run code in the context of a higher IL process, it accomplishes an unauthorized privilege escalation resulting in a Shatter attack. By restricting access to some vectors for triggering flaws, UIPI can help to reduce and prevent some types of shatter attacks.cite web
url=http://www.coseinc.com/Vista_UIPI.ppt.pdf
title=Windows Vista UIPI
author=Edgar Barbosa
publisher=COSEINC
accessdate=2007-12-07
]

UIPI is not a security boundary, and does not aim to protect against all shatter attacks. UI Accessibility Applications can bypass UIPI by setting their "uiAccess" value to TRUE as part of their manifest file. This requires the application to be in the Program Files or Windows directory, as well as to be signed by a valid code signing authority, but these requirements will not necessarily stop malware from respecting them. Additionally, some messages are still allowed through, such as WM_KEYDOWN, which allows a lower IL process to drive input to an elevated command prompt. Finally, the function ChangeWindowMessageFilter allows a medium IL process (all non-elevated processes except Internet Explorer Protected Mode) to change the messages that a high IL process can receive from a lower IL process. This effectively allows bypassing UIPI, unless running from Internet Explorer or one of its child processes.

References


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • User Interface Privilege Isolation — (UIPI Isolation des privilèges de l IHM) est une technique de sécurité utilisée par Windows Vista et Windows Server 2008 pour se protéger contre les exploits d injection de code. UIPI évite qu un processus ayant un bas niveau de sécurité… …   Wikipédia en Français

  • User Account Control — (UAC) is a technology and security infrastructure introduced with Microsoft s Windows Vista operating system. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator …   Wikipedia

  • Graphics Device Interface — The Graphics Device Interface (GDI) is a Microsoft Windows application programming interface and core operating system component responsible for representing graphical objects and transmitting them to output devices such as monitors and printers …   Wikipedia

  • Roaming user profile — C:Documents and Settings{username}   Application Data   …   Wikipedia

  • UIPI — User Interface Privilege Isolation User Interface Privilege Isolation (UIPI Isolation des privilèges de l IHM) est une technique de sécurité utilisée par Windows Vista et Windows Server 2008 pour se protéger contre les exploits d injection de… …   Wikipédia en Français

  • Architecture of Windows NT — The Windows NT operating system family s architecture consists of two layers (user mode and kernel mode), with many different modules within both of these layers. The architecture of Windows NT, a line of operating systems produced and sold by… …   Wikipedia

  • Shatter attack — In computing, a shatter attack is a programming technique employed by hackers on Microsoft Windows operating systems that can be used to bypass security restrictions between processes in a session. A shatter attack takes advantage of a design… …   Wikipedia

  • Mandatory Integrity Control — In the context of the Microsoft Windows range of operating systems, Mandatory Integrity Control (MIC) or Integrity Levels (or Protected Mode in the context of applications like Internet Explorer, Google Chrome and Adobe Reader)[1] is a core… …   Wikipedia

  • Microsoft Windows — Windows redirects here. For the part of a building, see Window. For other uses, see Windows (disambiguation). Microsoft Windows …   Wikipedia

  • Windows Registry — The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low level operating system components as well as the applications running on the… …   Wikipedia


Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.