Apparatus and method to detect and control processes which access lower privileged object
An apparatus and a method for managing an authority level violation process are presented. They find and monitor a process with high authority that accesses an object with low authority, and block the access if necessary. In the apparatus (1100) for managing an authority level violation process, a process behavior monitoring module (1110) detects access to the object by the process. A process information acquisition module (1120) acquires process information. An object information acquisition module (1130) acquires object information. An authority level comparison module (1140) compares the authority levels of the process and the object, using the process information and object information acquired by the process information acquisition module and the object information acquisition module. A violation process processing module (1150) blocks the execution of the process or provides a warning message to a user.
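The module pipeline described above, sketched as an added example that is not taken from the patent. The four-step ordinal `Level` scale, the sample process and object tables, and the policy of blocking only `execute` accesses while warning on others and on missing information are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):              # assumed ordinal authority scale
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    SYSTEM = 4

@dataclass(frozen=True)
class AccessEvent:                 # what the monitoring module (1110) reports
    pid: int
    obj: str
    op: str                        # "read", "write" or "execute"

# Constructed sample data standing in for modules 1120 and 1130.
PROCESS_LEVELS = {100: Level.SYSTEM, 200: Level.MEDIUM, 300: Level.HIGH}
OBJECT_LEVELS = {"/srv/app/config.ini": Level.SYSTEM,
                 "/tmp/upload/plugin.so": Level.LOW,
                 "/home/user/notes.txt": Level.MEDIUM}

def compare_levels(event):
    """Module 1140: return (process_level, object_level), or None if unknown."""
    proc = PROCESS_LEVELS.get(event.pid)
    obj = OBJECT_LEVELS.get(event.obj)
    return None if proc is None or obj is None else (proc, obj)

def handle(event, block_ops=("execute",)):
    """Module 1150: decide 'allow', 'warn' or 'block' for one access."""
    levels = compare_levels(event)
    if levels is None:
        return "warn"              # assumed policy: surface missing information
    proc, obj = levels
    if proc <= obj:
        return "allow"             # process is not above the object: no violation
    # Violation: a higher-authority process touches a lower-authority object.
    return "block" if event.op in block_ops else "warn"

# Constructed access events.
EVENTS = [AccessEvent(100, "/tmp/upload/plugin.so", "execute"),
          AccessEvent(300, "/home/user/notes.txt", "read"),
          AccessEvent(200, "/home/user/notes.txt", "write"),
          AccessEvent(999, "/tmp/upload/plugin.so", "read")]

def run(events):
    """Apply the decision to each event and return (pid, object, verdict)."""
    return [(e.pid, e.obj, handle(e)) for e in events]

if __name__ == "__main__":
    for row in run(EVENTS):
        print(row)
```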