Additional layer in operating system to protect system from hacking

US 20030037252A1
Filed: 08/20/2001
Published: 02/20/2003
Est. Priority Date: 08/20/2001
Status: Active Grant

First Claim

Patent Images

1. A method for preventing at least in part a hacker from performing unwanted activities in a computer system comprising the steps of:

receiving a request to provide a service from a user;

determining if said request was transmitted from a user space or a kernel space of a memory space of said computer system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and

determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for preventing at least in part a hacker from performing unwanted activities such as in a file system. A security layer may be added in the kernel space configured to determine whether a request to provide a service from a particular user was received from user space or kernel space. If the request was received from user space, then the user is an unauthenticated user. That is, the user may be a potential hacker. Subsequently, the security layer may determine whether the request satisfies requirements for unauthenticated requests. If the request was received from a secure connection manager in kernel space then the user may be treated as an authenticated user. The secure connection manager may be configured to establish a secure authorized connection with an authenticated user. Subsequently, the security layer may determine whether the request satisfies requirements for authenticated requests.

Citations

27 Claims

1. A method for preventing at least in part a hacker from performing unwanted activities in a computer system comprising the steps of:
- receiving a request to provide a service from a user;
  
  determining if said request was transmitted from a user space or a kernel space of a memory space of said computer system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and
  
  determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein if said request from said unauthenticated user does not fail to satisfy said security requirement for said unauthenticated requests then said request is serviced.
  - 3. The method as recited in claim 1, wherein if said request was from said kernel space then the method further comprises the step of:
    - determining whether said request was transmitted from a manager in said kernel space configured to establish a secure authorized connection between said user and said kernel space if said user is authorized.
  - 4. The method as recited in claim 3, wherein if said request was not transmitted from said manager then said user is said unauthenticated user, wherein the method further comprises the step of:
    - determining whether said request satisfies said security requirement for unauthenticated requests.
  - 5. The method as recited in claim 4, wherein if said request does not satisfy said security requirement for unauthenticated requests then said request is not serviced.
  - 6. The method as recited in claim 4, wherein if said request satisfies said security requirement for unauthenticated requests then said request is serviced.
  - 7. The method as recited in claim 3, wherein if said request was transmitted from said manager then said user is an authenticated user, wherein the method further comprises the step of:
    - determining whether said request satisfies a security requirement for authenticated requests.
  - 8. The method as recited in claim 7, wherein if said request does not satisfy said security requirement for authenticated requests then said request is not serviced.
  - 9. The method as recited in claim 7, wherein if said request satisfies said security requirement for authenticated requests then said request is serviced.

10. A computer program product having a computer readable medium having computer program logic recorded thereon for preventing at least in part a hacker from performing unwanted activities in a computer system, comprising:
- programming operable for receiving a request to provide a service from a user;
  
  programming operable for determining if said request was transmitted from a user space or a kernel space of a memory space of said computer system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and
  
  programming operable for determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer program product as recited in claim 10, wherein if said request from said unauthenticated user does not fail to satisfy said security requirement for said unauthenticated requests then said request is serviced.
  - 12. The computer program product as recited in claim 10, wherein if said request was from said kernel space then the computer program product further comprises:
    - programming operable for determining whether said request was transmitted from a manager in said kernel space configured to establish a secure authorized connection between said user and said kernel space if said user is authorized.
  - 13. The computer program product as recited in claim 12, wherein if said request was not transmitted from said manager then said user is said unauthenticated user, wherein the computer program product further comprises:
    - programming operable for determining whether said request satisfies said security requirement for unauthenticated requests.
  - 14. The computer program product as recited in claim 13, wherein if said request does not satisfy said security requirement for unauthenticated requests then said request is not serviced.
  - 15. The computer program product as recited in claim 13, wherein if said request satisfies said security requirement for unauthenticated requests then said request is serviced.
  - 16. The computer program product as recited in claim 12, wherein if said request was transmitted from said manager then said user is an authenticated user, wherein the computer program product further comprises:
    - programming operable for determining whether said request satisfies a security requirement for authenticated requests.
  - 17. The computer program product as recited in claim 16, wherein if said request does not satisfy said security requirement for authenticated requests then said request is not serviced.
  - 18. The computer program product as recited in claim 16, wherein if said request satisfies said security requirement for authenticated requests then said request is serviced.

19. A system, comprising:
- a processor;
  
  a memory unit storing a computer program operable for preventing at least in part a hacker from performing unwanted activities in said system; and
  
  a bus system coupling the processor to the memory unit, wherein the computer program is operable for performing the following programming steps;
  
  receiving a request to provide a service from a user;
  
  determining if said request was transmitted from a user space or a kernel space of a memory space of said system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and
  
  determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system as recited in claim 19, wherein if said request from said unauthenticated user does not fail to satisfy said security requirement for said unauthenticated requests then said request is serviced.
  - 21. The system as recited in claim 19, wherein if said request was from said kernel space then the computer program is further operable for performing the following programming step:
    - determining whether said request was transmitted from a manager in said kernel space configured to establish a secure authorized connection between said user and said kernel space if said user is authorized.
  - 22. The system as recited in claim 21, wherein if said request was not transmitted from said manager then said user is said unauthenticated user, wherein the computer program is further operable for performing the following programming step:
    - determining whether said request satisfies said security requirement for unauthenticated requests.
  - 23. The system as recited in claim 22, wherein if said request does not satisfy said security requirement for unauthenticated requests then said request is not serviced.
  - 24. The system as recited in claim 22, wherein if said request satisfies said security requirement for unauthenticated requests then said request is serviced.
  - 25. The system as recited in claim 21, wherein if said request was transmitted from said manager then said user is an authenticated user, wherein the computer program is further operable for performing the following programming step:
    - determining whether said request satisfies a security requirement for authenticated requests.
  - 26. The system as recited in claim 25, wherein if said request does not satisfy said security requirement for authenticated requests then said request is not serviced.
  - 27. The system as recited in claim 25, wherein if said request satisfies said security requirement for authenticated requests then said request is serviced.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Abrams, Roger Kenneth

Granted Patent

US 7,178,165 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/6281 at program execution time, ...

Additional layer in operating system to protect system from hacking

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Additional layer in operating system to protect system from hacking

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links