Kernel Based Process Level Authentication Framework for Secure Computing and High Level System Assurance

In modern operating system kernels level security is not present and a well-known approach to protecting systems from malicious activity is through the deployment of Mandatory Access Control (MAC). Existing MAC solutions belongs to authorization mechanism however authorization mechanism along is not sufficient for achieving system assurance. Today’s modern computing era operating system Kernel should have process level authentication mechanism, where process of user level application proves its identity to kernel. Current process authentication is done using information such as process names or an executable path that is conventionally used by OS to identify a process is not reliable. This may results as malware may impersonate to other processes thus violating of system assurance can occur. We propose a lightweight secure application authentication framework in which user-level applications are required to present proofs at runtime to be authenticated to kernel. In order to demonstrate the application of Process Authentication proposed System Call monitoring framework for preventing unauthorized use or access of system resources like HDD, RAM. It verified the identity of processes before completing the requested System calls.

[1]  Stephen Smalley,et al.  Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.

[2]  Ruby B. Lee,et al.  Runtime execution monitoring (REM) to detect and prevent malicious code execution , 2004, IEEE International Conference on Computer Design: VLSI in Computers and Processors, 2004. ICCD 2004. Proceedings..

[3]  Hong Chen,et al.  Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems , 2009, NDSS.

[4]  Danfeng Yao,et al.  Data Leak Detection as a Service , 2012, SecureComm.

[5]  Sudip Saha,et al.  DNS for Massive-Scale Command and Control , 2013, IEEE Transactions on Dependable and Secure Computing.

[6]  R. Sunitha,et al.  DATA-PROVENANCE VERIFICATION FOR SECURE HOSTS , 2013 .

[7]  Crispin Cowan,et al.  Linux security modules: general security support for the linux kernel , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[8]  Shouhuai Xu,et al.  Enhancing Data Trustworthiness via Assured Digital Signing , 2012, IEEE Transactions on Dependable and Secure Computing.

[9]  Trent Jaeger Operating System Security , 2008, Operating System Security.

[10]  Dennis G. Kafura,et al.  Identifying native applications with high assurance , 2012, CODASPY '12.

[11]  Crispin Cowan,et al.  Linux Security Module Framework , 2002 .

[12]  Qiang Ma,et al.  Detecting infection onset with behavior-based policies , 2011, 2011 5th International Conference on Network and System Security.

[13]  Santosh K. Shrivastava Satem: Trusted Service Code Execution across Transactions , 2006, 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06).

[14]  Dennis G. Kafura,et al.  Process Authentication for High System Assurance , 2014, IEEE Transactions on Dependable and Secure Computing.