By a News Reporter-Staff News Editor at Information Technology Newsweekly -- Current study results on Computer Security have been published. According to news reporting out of Blacksburg, Virginia, by VerticalNews editors, research stated, "This paper points out the need in modern operating system kernels for a process authentication mechanism, where a process of a user-level application proves its identity to the kernel. Process authentication is different from process identification."
Our news journalists obtained a quote from the research from Virginia Tech, "Identification is a way to describe a principal; PIDs or process names are identifiers for processes in an OS environment. However, the information such as process names or executable paths that is conventionally used by OS to identify a process is not reliable. As a result, malware may impersonate other processes, thus violating system assurance. We propose a lightweight secure application authentication framework in which user-level applications are required to present proofs at runtime to be authenticated to the kernel. To demonstrate the application of process authentication, we develop a system call monitoring framework for preventing unauthorized use or access of system resources. It verifies the identity of processes before completing the requested system calls. We implement and evaluate a prototype of our monitoring architecture in Linux."
According to the news editors, the research concluded: "The results from our extensive performance evaluation show that our prototype incurs reasonably low overhead, indicating the feasibility of our approach for cryptographically authenticating applications and their processes in the operating system."
For more information on this research see: Process Authentication for High System Assurance. IEEE Transactions on Dependable and Secure Computing, 2014;11(2):168-180. IEEE Transactions on Dependable and Secure Computing can be contacted at: Ieee Computer Soc, 10662 Los Vaqueros Circle, PO Box 3014, Los Alamitos, CA 90720-1314, USA. (Institute of Electrical and Electronics Engineers - www.ieee.org/; IEEE Transactions on Dependable and Secure Computing - ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=8858)
Our news journalists report that additional information may be obtained by contacting H.M.J. Almohri, Virginia Technical, Dept. of Comp Sci, Blacksburg, VA 24060, United States. Additional authors for this research include D.F. Yao and D. Kafura.
Keywords for this news article include: Virginia, Blacksburg, United States, Computer Security, North and Central America
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC