Additional layer in operating system to protect system from hacking
First Claim
1. A method for preventing at least in part a hacker from performing unwanted activities in a computer system comprising the steps of:
receiving a request to provide a service from a user;
determining if said request was transmitted from a user space or a kernel space of a memory space of said computer system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and
determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.
Abstract
A method, system and computer program product for preventing at least in part a hacker from performing unwanted activities such as in a file system. A security layer may be added in the kernel space configured to determine whether a request to provide a service from a particular user was received from user space or kernel space. If the request was received from user space, then the user is an unauthenticated user. That is, the user may be a potential hacker. Subsequently, the security layer may determine whether the request satisfies requirements for unauthenticated requests. If the request was received from a secure connection manager in kernel space then the user may be treated as an authenticated user. The secure connection manager may be configured to establish a secure authorized connection with an authenticated user. Subsequently, the security layer may determine whether the request satisfies requirements for authenticated requests.
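The decision flow in the abstract can be modelled as a small reference monitor. This is an added example, not code from the patent: the type and function names, the operation flags and the `/pub/` read-only policy for unauthenticated requests are all assumptions, and the origin field stands in for whatever the security layer records at its own entry point.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Origin is recorded by the security layer at its entry point, never read
   from caller-supplied data. Names and policy below are assumptions. */
enum origin { FROM_USER_SPACE, FROM_SECURE_CONN_MGR };
enum op { OP_READ = 1, OP_WRITE = 2, OP_DELETE = 4 };

struct request { enum origin origin; enum op op; const char *path; };

/* Assumed requirements: unauthenticated requests may only read under /pub/;
   authenticated requests may read, write or delete anywhere. */
static const unsigned UNAUTH_OPS = OP_READ;
static const unsigned AUTH_OPS = OP_READ | OP_WRITE | OP_DELETE;
static const char PUBLIC_PREFIX[] = "/pub/";

static bool path_is_public(const char *path) {
    return strncmp(path, PUBLIC_PREFIX, sizeof PUBLIC_PREFIX - 1) == 0
        && strstr(path, "..") == NULL;   /* no climbing out of /pub/ */
}

/* Returns true if the request may be serviced, false if it is dropped. */
bool security_layer_allows(const struct request *r) {
    if (r == NULL || r->path == NULL)
        return false;
    switch (r->origin) {
    case FROM_USER_SPACE:          /* unauthenticated: potential hacker */
        return (r->op & UNAUTH_OPS) != 0 && path_is_public(r->path);
    case FROM_SECURE_CONN_MGR:     /* authenticated via secure connection */
        return (r->op & AUTH_OPS) != 0;
    }
    return false;                  /* unknown origin: fail closed */
}

int main(void) {
    struct request samples[] = {   /* constructed sample requests */
        { FROM_USER_SPACE, OP_READ, "/pub/readme.txt" },
        { FROM_USER_SPACE, OP_WRITE, "/pub/readme.txt" },
        { FROM_USER_SPACE, OP_READ, "/pub/../etc/shadow" },
        { FROM_SECURE_CONN_MGR, OP_DELETE, "/home/alice/old.log" },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %s\n", samples[i].path,
               security_layer_allows(&samples[i]) ? "serviced" : "not serviced");
    return 0;
}
```

The check is only as strong as the origin tag: if a caller could influence that field, a user-space request would be evaluated against the authenticated policy.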
27 Claims
10. A computer program product having a computer readable medium having computer program logic recorded thereon for preventing at least in part a hacker from performing unwanted activities in a computer system, comprising:
programming operable for receiving a request to provide a service from a user;
programming operable for determining if said request was transmitted from a user space or a kernel space of a memory space of said computer system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and
programming operable for determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.
19. A system, comprising:
a processor;
a memory unit storing a computer program operable for preventing at least in part a hacker from performing unwanted activities in said system; and
a bus system coupling the processor to the memory unit, wherein the computer program is operable for performing the following programming steps;
receiving a request to provide a service from a user;
determining if said request was transmitted from a user space or a kernel space of a memory space of said system, wherein if said request was transmitted from said user space then said user is an unauthenticated user; and
determining if said request from said unauthenticated user fails to satisfy a security requirement for unauthenticated requests, wherein if said request from said unauthenticated user fails to satisfy said security requirement for unauthenticated requests then said request is not serviced.