The service process must have a root directory with access only to the necessary files.
CAPEC-122: Privilege Abuse. An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation