Contact Information
Publications@ipcg.com
ipCapital Group, Inc.
400 Cornerstone Drive, Suite 325 Williston, VT 05495
United States of America
(802) 872-3200
TITLE
Kernel Based User Authentication
ABSTRACT
A Security Sector is included in the kernel of the operating system. The Security Sector prevents the execution of system commands unless the user can be authenticated by the Security Sector. Implementing the security system in the kernel prevents malicious parties from circumventing the security system.
1. BACKGROUND
Problem or Opportunity
Security threats to computing machines arise from the opportunity to execute dangerous and destructive commands. These commands are necessary for operation of the machine but must be carefully regulated to avoid accidental or intentional misuse. Security restrictions implemented in the operating system, such as administrator or "super-user" accounts, still leave the opportunity for malicious users or code to directly access the kernel and execute dangerous commands. A more secure system is necessary to prevent malicious parties from executing commands by circumventing existing security.
Background Publications
Previous publications have attempted to address security issues from within the kernel. However, these publications do not address security concerns related to the execution of dangerous commands by users or applications on a computing machine.
US Patent Number 7398389 describes a "Kernel-based network security infrastructure." In this invention, a code set within the kernel protects against malicious attempts to insert code into the rest of the kernel. This invention does not protect against the execution of dangerous system calls by unauthorized parties.
US Patent Number 7246233 describes "Policy-driven kernel-based security implementation." In this invention, network security is implemented in the kernel such that it provides transparency to applications. This invention does not relate to the security of system commands on a computing machine.
US Patent Application Number 20090089579 describes a system for validating software applications. In this invention a key checking module is implemented within the kernel that verifies the authenticity of software from a vendor. This invention does not relate to the security of system commands on a computing machine.
US Patent Application Number 20090007233 describes a system for securing information from a root user on a computing system. In this invention, sensitive data is protected from access by unauthorized root level users by adding an additional level of authentication to access the sensitive data. This invention does not provide additional security against the malicious use of root level commands.
Trusted Computing Platform Alliance (TCPA) chips, such as HP's ProtectTools Embedded Security [1], are another recent development in computing security. In these systems, a TCPA chip embedded in a system's hard...