In modern computing environment security is one of the most important factors. It should be the highest priority to make sure that a computer always executes safe computer instructions to maintain privacy and security. A computer will be connected to the network, and there will be outside attackers who will try to destabilize the computing environment or steal valuable information stored somewhere in the network. The most common way to achieve these things is to find some exploitable hole and then inject some computer instruction that can be executed internally.
Theoretically, there will be always security vulnerabilities, and the possibility that someone will try to push some bad stuff to exploit a vulnerability. Then it's up to the user/computer to deal with this bad stuff. Most of the users are not expert and, for example, can easily double click on an email attachment to welcome this bad stuff. Or sometimes the OS or some running program will automatically welcome bad stuff because of exploitable security holes in that application or OS.
An antivirus program is a kind of passive protection. It can scan files for possible infection; it can scan memory for similar things. The scanning process is assisted by some preset signatures to flag that memory or files that are infected. However, there is no easy way to make a conventional anti-virus application smart enough to determine any newly written future virus. Firewall applications typically block requests from unknown or suspicious sources. However they can't block legitimate requests. For example, users need to browse the Internet, send email, use other network resources, and communicate with other computers in the network. Sometimes an unintentional or ignorant act can cause problems. An email attachment might contain bad instructions. Or an employee might download a file from the Internet and execute it locally, eventually installing bad stuff on the computer. Therefore, those virus or firewall based protections are not good enough to identify new innovative future attacks. In this invention, we present a novel approach that can identify bad instructions modules in the system at the time they are loaded into the system and do the verification using a unique easily deployable authentication framework. The proposed invention makes sure that the instructions running in the system are safe.
Local Authentication Framework can acquire knowledge from the global Authentication Framework (AF). AF already knows what modules are available that can be safely executed on a local system. The knowledge base of the framework can be adaptive and continuously learn about new modules relating to new products, updates available to users, or new findings on a module or product. AF helps apply the knowledge acquired from the global AF to end user system to make the computing system more secure and safe. The Authentication Framework helps the system administrator set rules and policies to define certified instruction set/modules to run across system computers. This makes the network environment more efficient and manageable because the administrator can control what can be run in the system and what can't. If some certified instruction module becomes vulnerable to attack, the administrator can uncertify the module and update its central database with a new certified module (for example, available from vendor). In that case all computers in the network can pick up the certified module quickly and automatically. Also, this helps the administrator manage licensed products. The administrator can certify program modules based on user account, or machine account. That way, the administrator can centrally manage that no unlicensed products are in use in the network.