Patent attributes
A system for implementing a super-user-compatible privilege security policy on a computer operating system is disclosed. The system includes a kernel for enforcing a security policy on processes, based on privileges. The system also includes a privilege model that interfaces with the kernel and implements a framework in which super-user-based processes and privilege-based processes transparently interface with the kernel. The privilege model includes several privilege sets associated with each process; a privilege awareness property state associated with each process, indicating whether or not the process is privilege aware; and a software module for automatically modifying the privilege sets and the property state, on a per-process basis, based on individual process behavior.