Using Continuous Face Verification to Improve Desktop Security

In this paper we describe the architecture, implementation, and performance of a face verification system that continually verifies the presence of a logged-in user at a computer console. It maintains a sliding window of about ten seconds of verification data points and uses them as input to a Bayesian framework to compute a probability that the logged-in user is still present at the console. If the probability falls below a threshold, the system can delay or freeze operating system processes belonging to the logged-in user. This helps prevent misuse of computer resources when an unauthorized user maliciously takes the place of an authorized user. Processes may be unconditionally frozen (they never return from a system call) or delayed (it takes longer to complete a system call, or appropriate action may be taken for certain classes of system calls, such as those that are considered security critical. We believe that the integrated system presented here is the first of its kind. Furthermore, we believe that the analysis of the tradeoffs between verification accuracy, processor overhead, and system security that we do in this paper has not been done elsewhere

[1]  Paul A. Viola,et al.  Robust Real-time Object Detection , 2001 .

[2]  Sandeep Kumar,et al.  Classification and detection of computer intrusions , 1996 .

[3]  Shigeo Abe DrEng Pattern Classification , 2001, Springer London.

[4]  Carl Staelin,et al.  lmbench: Portable Tools for Performance Analysis , 1996, USENIX Annual Technical Conference.

[5]  Rahul Sukthankar,et al.  Memory-based face recognition for visitor identification , 2000, Proceedings Fourth IEEE International Conference on Automatic Face and Gesture Recognition (Cat. No. PR00580).

[6]  David G. Stork,et al.  Pattern classification, 2nd Edition , 2000 .

[7]  David G. Stork,et al.  Pattern Classification , 1973 .

[8]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[9]  M. Turk,et al.  Temporal Integration for Continuous Multimodal Biometrics , 2003 .

[10]  Paul A. Viola,et al.  Robust Real-Time Face Detection , 2001, International Journal of Computer Vision.

[11]  Robert Love,et al.  Linux Kernel Development , 2003 .

[12]  Gregory R. Ganger,et al.  Secure Continuous Biometric-Enhanced Authentication , 2000 .

[13]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[14]  S. Mason Purdue University , 2005 .