Abstract:
One of the foundations of operating system security is authentication. Without being sure with whom an entity interacts, the three fundamental properties—confidentiality, integrity and availability—can be trivially violated. But there are several uncertainty factors in the user authentication procedure in current operating systems, such as the uncertainties of authentication mechanisms, the uncertainties of authentication rules and the uncertainties of authentication conclusions. This paper borrows the idea of uncertainty reasoning in expert system field, puts forward the thought of authentication trustworthiness, and gives the authentication trustworthiness factor model. The model describes the measure for these uncertainty factors in user authentication procedure. Aiming at some important and especially secure systems needing several authentication mechanisms, this paper gives and demonstrates the parallel propagation formula of authentication trustworthiness factor. After calculating the user's final authentication trustworthiness, the system decides whether the user has passed system authentication. By introducing the thought of authentication trustworthiness into authentication system, it can not only describe the uncertainty factors existing in authentication system very well, but also enhance the security of those systems needing multiple authentication mechanisms very well.