US 11,714,901 B2
Protecting a computer device from escalation of privilege attacks
John Goodridge, Cheshire (GB); and Thomas Couser, Lancashire (GB)
Assigned to Avecto Limited, Manchester (GB)
Filed by Avecto Limited, Manchester (GB)
Filed on Apr. 26, 2022, as Appl. No. 17/729,476.
Application 17/729,476 is a continuation of application No. 16/382,578, filed on Apr. 12, 2019, granted, now 11,321,455.
Claims priority of application No. 1806289 (GB), filed on Apr. 18, 2018.
Prior Publication US 2022/0335125 A1, Oct. 20, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 21/55 (2013.01); G06F 9/445 (2018.01)
CPC G06F 21/554 (2013.01) [G06F 9/445 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2101 (2013.01)]
20 Claims
 
1. A system, comprising:
a memory storing a token cache and an operating system; and
at least one computing device in communication with the memory, the at least one computing device being configured to:
receive a first notification that a process has started on the at least one computing device;
in response to the first notification, record a first access token associated with the process into the token cache;
receive a second notification that the process has interacted with the operating system to perform at least one of a set of predetermined operations on the at least one computing device;
in response to the second notification, capture a second access token from the process;
perform a comparison of the second access token captured from the process against the first access token recorded into the token cache; and
determine that an escalation of privilege attack has occurred based on the comparison of the second access token captured from the process against the first access token recorded in the token cache.
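
The flow recited in claim 1, sketched as an added Python example; it is not code from the patent or from the assignee. The token fields, the exit-eviction step, the sample events and the comparison rule (flag a changed user, a raised integrity level or gained privileges) are assumptions made for illustration; the claim only states that the determination is based on the comparison.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional
# Assumed token fields; the claim only says "access token".
@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    integrity: int                      # higher = more trusted
    privileges: FrozenSet[str] = frozenset()

class TokenMonitor:
    """Token cache keyed by PID, filled on process start, checked on operations."""
    def __init__(self) -> None:
        self.cache: Dict[int, AccessToken] = {}

    def on_process_start(self, pid: int, token: AccessToken) -> None:
        # First notification: record the token the process started with.
        self.cache[pid] = token

    def on_process_exit(self, pid: int) -> None:
        # Assumption: evict on exit so a reused PID never inherits a stale baseline.
        self.cache.pop(pid, None)

    def on_operation(self, pid: int, current: AccessToken) -> Optional[List[str]]:
        # Second notification: compare the captured token with the cached one.
        baseline = self.cache.get(pid)
        if baseline is None:
            return None                 # start was never seen: no verdict possible
        findings = []
        if current.user_sid != baseline.user_sid:
            findings.append(f"user changed {baseline.user_sid} -> {current.user_sid}")
        if current.integrity > baseline.integrity:
            findings.append(f"integrity raised {baseline.integrity} -> {current.integrity}")
        gained = current.privileges - baseline.privileges
        if gained:
            findings.append("privileges gained: " + ", ".join(sorted(gained)))
        return findings                 # empty list = token unchanged or reduced

def demo() -> Dict[str, Optional[List[str]]]:
    # Constructed sample events, not real telemetry.
    user = AccessToken("S-1-5-21-1000", 8192, frozenset({"SeChangeNotifyPrivilege"}))
    system = AccessToken("S-1-5-18", 16384, user.privileges | {"SeDebugPrivilege"})
    mon = TokenMonitor()
    mon.on_process_start(4242, user)
    results = {"benign": mon.on_operation(4242, user),
               "swapped": mon.on_operation(4242, system),
               "unseen": mon.on_operation(9999, system)}
    mon.on_process_exit(4242)
    results["after_exit"] = mon.on_operation(4242, system)
    return results
```

A `None` result means the monitor has no baseline for that PID, which a deployment would treat as a coverage gap rather than as a clean verdict.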