Mainstream operating system kernels lack a strong and reliable mechanism for identifying running processes and binding them to the corresponding executable applications. In this paper, we address the identification problem by proposing a novel secure application identification model in which user-level applications are required to present identification proofs at run time to be authenticated to the kernel. In our model, applications are supplied with unique secret keys. The secret key of an application is registered with a trusted kernel at installation time and is used to uniquely authenticate the application. We present a protocol for the secure authentication of applications. Additionally, we develop a system call monitoring architecture that uses our model to verify the identity of applications when they make designated system calls. Our system call monitoring can be integrated with existing mandatory access control systems to enforce application-level access rights. We i...
Hussain M. J. Almohri, Danfeng (Daphne) Yao, Denni