US Patent 7818804 Empirical privilege profiler (EPP) for software programs

A system is described for dynamically generating an application-specific, system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances. In particular, the system includes a plurality of client computing devices for capturing empirical information relating to the exercise of privileges by the plurality of software application instances executing on top of a plurality of instances of a platforms residing within the plurality of client devices. The plurality of client devices each uploads the empirical information to an EPP server, which is also included within the system. The empirical privilege profiler system dynamically generates the profile based the empirical information. In this way, the system may facilitate adherence to the Principle of Least Privilege by revealing system-level privilege use by an application, monitoring of system-level privilege use, and detection of system intrusions.