1. Field of the Invention
The present invention relates generally to communication networks and more particularly to an enhanced system for protecting communication networks from an unauthorized computer user.
2. Description of the Related Art
Sophisticated attacks against computer systems are increasing dramatically. These attacks become even more problematic with the increased functionality of various communication devices, including cell phones. For example, when trusted functionality is provided to a cell phone through an attached sleeve, there is a growing need to determine 1) whether the software on the phone is authorized to communicate with the sleeve, 2) whether that software has been corrupted, and 3) whether the phone paired with the sleeve is the correct one. It is extremely difficult to guard a system against these attacks. Many attacks now use zero-day (previously unknown) attack vectors that are not recognized by virus scanners. Attacks often combine highly sophisticated social engineering with custom exploits to induce victims to load malicious software, and these custom exploits are not recognized by available anti-virus/anti-spyware systems. Subverted machines use standard mechanisms to leak information: exploits transmit it over standard protocols (e.g. HTTP), with network traffic that is indistinguishable from legitimate traffic or is concealed within an encrypted transport (e.g. HTTPS).
U.S. Publication No. 2005/0262558, entitled “ON-LINE CENTRALIZED AND LOCAL AUTHORIZATION OF EXECUTABLE FILES,” discloses a system and method for controlling the execution of executable files. Each executable is identified either by a cryptographic digest computed from its binary image or by a digital certificate. When an executable attempts to execute, a protection module intercepts it and consults, over a secure channel, a database of stored rules to determine whether the executable can be identified as a permitted executable and whether it has permission to execute on the particular computer system under the specified conditions. If a stored permission applies, it controls the execution; otherwise the user is consulted for permission.
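By way of illustration, the following Python is an added example of the digest-and-rule execution check described in that publication; it is not code from the publication or its assignee. The rule schema (host set and time window as the "specified conditions"), the function names and the sample binary images are assumptions made for this example. The digest is taken over the bytes actually being mapped for execution, which is the check a practitioner wants, since hashing a file by path and then executing the path leaves a time-of-check/time-of-use gap.

```python
import hashlib
from dataclasses import dataclass
from datetime import time
from typing import Callable, FrozenSet, Iterable, Optional

@dataclass(frozen=True)
class Rule:
    """One stored permission: a digest plus the conditions under which it applies
    (schema is an assumption for this example)."""
    digest: str                              # hex SHA-256 of the binary image
    allow: bool = True                       # stored verdict for a match
    hosts: FrozenSet[str] = frozenset()      # empty set = any host
    not_before: Optional[time] = None        # permitted execution window, inclusive
    not_after: Optional[time] = None

def digest_of(image: bytes) -> str:
    # Hash the bytes that are about to be executed, not a path name: hashing
    # by path and then executing the path is a TOCTOU gap.
    return hashlib.sha256(image).hexdigest()

def rule_applies(rule: Rule, host: str, now: time) -> bool:
    """True when the rule's stated conditions hold for this host and time."""
    if rule.hosts and host not in rule.hosts:
        return False
    if rule.not_before is not None and now < rule.not_before:
        return False
    if rule.not_after is not None and now > rule.not_after:
        return False
    return True

def authorize(image: bytes, host: str, now: time,
              rules: Iterable[Rule],
              ask_user: Callable[[str], bool]) -> str:
    """Return 'allow' or 'deny'. A stored rule whose digest and conditions both
    match decides; with no applicable stored permission the user is consulted
    (the answer could then be cached as a new Rule)."""
    d = digest_of(image)
    for rule in rules:
        if rule.digest == d and rule_applies(rule, host, now):
            return "allow" if rule.allow else "deny"
    return "allow" if ask_user(d) else "deny"

# Constructed sample "binaries" and rule database for the demonstration.
TRUSTED_IMAGE = b"\x7fELF" + b"trusted-tool-v1"
UNKNOWN_IMAGE = b"\x7fELF" + b"never-seen-before"
RULES = [
    Rule(digest_of(TRUSTED_IMAGE), allow=True, hosts=frozenset({"ws-01"}),
         not_before=time(8, 0), not_after=time(18, 0)),
]

def demo_user_declines():
    """Verdicts when the user refuses every unknown executable."""
    never = lambda digest: False
    return (
        authorize(TRUSTED_IMAGE, "ws-01", time(10, 0), RULES, never),  # stored rule: allow
        authorize(TRUSTED_IMAGE, "ws-01", time(23, 0), RULES, never),  # outside window -> user -> deny
        authorize(TRUSTED_IMAGE, "ws-02", time(10, 0), RULES, never),  # wrong host -> user -> deny
        authorize(UNKNOWN_IMAGE, "ws-01", time(10, 0), RULES, never),  # no rule -> user -> deny
    )

def demo_user_consents():
    """Same unknown executable, but the consulted user grants it."""
    return authorize(UNKNOWN_IMAGE, "ws-01", time(10, 0), RULES, lambda digest: True)

if __name__ == "__main__":
    print(demo_user_declines(), demo_user_consents())
```

Note that a rule whose digest matches but whose conditions do not hold is treated as "no stored permission", so the decision falls through to the user rather than silently denying; a deployment that prefers to fail closed would return "deny" at that point instead.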
U.S. Publication No. 2010/0077445, entitled “GRADUATED ENFORCEMENT OF RESTRICTIONS ACCORDING TO AN APPLICATION'S REPUTATION,” discloses security software on a client that observes a request for a resource by an application on the client and determines the application's reputation, which may be expressed as a reputation score obtained from a remote reputation server. The security software selects an access policy from a graduated set of possible access policies according to that reputation and applies the policy to the application's request for the resource. The reputation-based system thus uses a graduated trust scale and a policy-enforcement mechanism that grants or restricts an application's access to resources along that scale.
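The following Python is an added example of the graduated, reputation-driven policy selection described in that publication; it is not code from the publication or its assignee. The policy ladder, the score thresholds, the "verb:object" resource names and the in-memory table standing in for the remote reputation server are all assumptions made for this example. It also handles the case the description leaves open in practice: an application with no reputation at all is placed on the lowest rung rather than being waved through.

```python
from typing import Dict, FrozenSet, Optional, Tuple

# Graduated policy ladder, least to most trusted. Each entry is
# (minimum reputation score, policy name, allowed resources); None means
# every resource. Names, scores and thresholds are assumptions.
POLICY_LADDER: Tuple[Tuple[int, str, Optional[FrozenSet[str]]], ...] = (
    (0,  "block",      frozenset()),
    (40, "restricted", frozenset({"read:user-docs"})),
    (70, "limited",    frozenset({"read:user-docs", "write:user-docs", "net:outbound"})),
    (90, "full",       None),
)

# Constructed stand-in for the remote reputation server: application
# identifier (in practice a digest or signer) -> score in 0..100.
REPUTATION_SERVER: Dict[str, int] = {
    "sha256:office-suite": 95,
    "sha256:new-indie-tool": 55,
    "sha256:dropper-seen-in-spam": 5,
}

def lookup_reputation(app_id: str) -> Optional[int]:
    """Query the (simulated) reputation server; None when it has no opinion."""
    return REPUTATION_SERVER.get(app_id)

def policy_for(score: int) -> Tuple[str, Optional[FrozenSet[str]]]:
    """Highest rung of the ladder whose threshold the score reaches."""
    name, allowed = POLICY_LADDER[0][1], POLICY_LADDER[0][2]
    for threshold, rung_name, rung_allowed in POLICY_LADDER:
        if score >= threshold:
            name, allowed = rung_name, rung_allowed
    return name, allowed

def decide(app_id: str, resource: str) -> Tuple[str, bool]:
    """Return (policy name, whether this request for `resource` is granted)."""
    score = lookup_reputation(app_id)
    if score is None:
        score = 0   # fail closed: no reputation is treated like the worst one
    name, allowed = policy_for(score)
    return name, (allowed is None or resource in allowed)

if __name__ == "__main__":
    for app, res in (("sha256:office-suite", "net:outbound"),
                     ("sha256:new-indie-tool", "net:outbound"),
                     ("sha256:unknown", "read:user-docs")):
        print(app, res, decide(app, res))
```

Because the decision is made per request, the same application can be granted one resource and refused another under a single policy rung, which is what "restricts or grants functionality along a graduated scale" amounts to in code.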
The MIT Kerberos Consortium provides technology that allows for strong authentication in open, distributed networks, providing a single mechanism for authentication of users and services. While Kerberos provides authentication in an untrusted network environment, it does not provide authentication of untrusted processes and devices to a trusted network or service, nor is it designed to work in the context of a high-assurance guard separating untrusted from trusted environments. (MIT Kerberos Consortium, “Why is Kerberos a Credible Security Solution?”, 2008, www.kerberos.org/software/whykerberos.pdf, accessed 13 Feb. 2012.)