Computer systems

Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique

Reexamination Certificate

Details

C711S202000, C713S152000

active

06526488

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to a method and apparatus for controlling access to and corruption of information in a computer system.
PCT/GB91/00261 (WO91/13403) now U.S. Pat. No. 6,092,161 also by the present inventors (the disclosure of which is incorporated herein by reference) discloses a method and apparatus particularly concerned with the detection and containment of hostile programs such as “virus” programs within computer systems. In this document there is disclosed a method of (and related apparatus for) controlling access to and modification of information stored on a storage medium forming part of a computer system comprising:
dividing information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use, characterised by
providing supervising means (a Supervisor) separate of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the performance of read, write and format operations upon the information stored on the storage medium so as to allow, restrict or prevent such operations depending upon the type of information stored within a sector and type and status of the partition within which the sector is located,
the supervising means causing a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation, said reset causing memory to be cleared and the operating system to be loaded.
In the invention disclosed in PCT/GB91/00261 the boot partition becomes “Read Only” when the system is in Supervised Mode. This prevents attack by a virus, whilst allowing execution of DOS utilities and programs providing they are not self-modifying.
Since the conception of virus isolation according to PCT/GB91/00261 there have been changes and improvements to PC operating systems. These present certain limitations to the scope of the virus isolator invention. For example:
(1) Microsoft Windows, although not strictly self-modifying, does require that certain files located within the Windows directory can be written to.
(2) A system administrator may install an executable in the boot partition without knowing it is self-modifying. If such an executable is installed in the boot partition and self-modification of this program is attempted when the system is in Supervised Mode, the Supervisor will block the write attempt and freeze the system.
(3) Microsoft Windows virtual memory manager may require write access to either or both the Windows directory and the root directory of the boot partition.
(4) Network software may require access to the boot partition.
(5) In general, with a complex operating system, making the boot partition ‘Read Only’ is restrictive and may cause incompatibility and high administration overhead.
It is an object of the present invention to obviate or mitigate the aforementioned problems.
SUMMARY OF THE INVENTION
According to a first aspect of the present invention there is provided a method of controlling access to and modification of information stored on a storage medium forming part of a computer system comprising:
dividing information stored on the storage medium into a plurality of non-overlapping partitions including a boot partition and at least one general partition, characterised by
designating at least one of said partitions a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite any resident information stored in a/the WMR partition by updated information the updated information is written on the storage medium in a location other than where the/any resident information is stored and a (virtual) pointer to the updated information is set up/kept so that the updated information can be accessed, as required during a remainder of a session.
A system reset causes the updated information, together with the list of pointers to this information, to be cleared. This returns the WMR partition to its original state as configured in Unsupervised Mode.
Providing such a WMR partition is virus-free to start with it will be virus-free at the start of each new session.
Preferably a boot partition on the storage medium would be WMR protected. A general partition could also be WMR protected should a user require it.
The basis of the method according to the first aspect of the present invention to achieve this is to set up a scheme in which the original information stored in the WMR partition is kept unaltered and that data which would normally overwrite it is stored securely elsewhere on the storage medium where it can be accessed as required during the remainder of a session. The scheme defines how this is done efficiently in terms of minimal additional storage space and minimal reduction in throughput time while at the same time providing maximum security.
Preferably according to the method of the first aspect of the present invention there is also provided supervising means (a Supervisor) separate of a central processing unit (CPU) of the computer system and made inaccessible to the user,
said supervising means allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition, and whether the partition is active or inactive,
said supervising means also allowing a format operation only on a general partition which is active and prohibiting a format operation on the boot partition or on a general partition which is inactive,
and causing a warning to be issued to the user should an attempt be made to perform a prohibited read, write or format operation.
Preferably, space is reserved on the storage medium which may be accessed only by the Supervisor, referred to as the dedicated area 2. The dedicated area may be a special partition, a range of sectors within the WMR partition, or unallocated sectors within a dormant partition.
Each WMR partition has a Sector Relocation Table (SRT) associated with it which table is held in Supervisor RAM, each entry in a SRT defining the address of a range of sectors in the WMR partition that have been updated and the address where the updated information is located, this location being within the dedicated area.
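The following is an added illustration, not part of the patent text, modelling the WMR scheme and its Sector Relocation Table in Python. The class and method names, the tuple layout of an SRT entry, and the behaviour when the dedicated area is full are assumptions made for the sketch.

```python
class WMRPartition:
    """Toy model of a Write Many Recoverable partition (names are illustrative)."""

    def __init__(self, resident, dedicated_sectors):
        self.resident = list(resident)               # original sectors, never overwritten
        self.dedicated = [None] * dedicated_sectors  # area only the Supervisor may access
        self.srt = []                                # entries: (start, count, dedicated_start)
        self.next_free = 0

    def write(self, start, sectors):
        """Redirect a write of consecutive sectors into the dedicated area."""
        count = len(sectors)
        if start < 0 or start + count > len(self.resident):
            raise ValueError("write outside the WMR partition")
        entry = next((e for e in self.srt if e[:2] == (start, count)), None)
        if entry:
            self.srt.remove(entry)                   # same range again: reuse its slot
        else:
            if self.next_free + count > len(self.dedicated):
                raise MemoryError("dedicated area exhausted")  # assumed policy
            entry = (start, count, self.next_free)
            self.next_free += count
        d = entry[2]
        self.dedicated[d:d + count] = sectors
        self.srt.append(entry)                       # newest entry is searched first

    def read(self, sector):
        """Session view: newest relocated copy if one exists, else resident data."""
        for s, n, d in reversed(self.srt):
            if s <= sector < s + n:
                return self.dedicated[d + (sector - s)]
        return self.resident[sector]

    def reset(self):
        """System reset: clear the SRT and the relocated data."""
        self.srt.clear()
        self.dedicated = [None] * len(self.dedicated)
        self.next_free = 0


def demo():
    # Constructed sample contents for a four-sector boot partition.
    p = WMRPartition([b"BOOT", b"KERNEL", b"CONFIG", b"DATA"], dedicated_sectors=4)
    p.write(1, [b"PATCHED", b"CONFIG2"])             # e.g. a self-modifying program
    during = [p.read(i) for i in range(4)]
    p.reset()
    after = [p.read(i) for i in range(4)]
    return during, after


if __name__ == "__main__":
    print(demo())
```

Anything written during the session, including a hostile modification, exists only in the dedicated area and is unreachable once the SRT is cleared.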
According to a second aspect of the present invention there is provided an apparatus for controlling access to and modification of information stored on a storage medium of a computer system, the storage medium being divided into a plurality of non-overlapping partitions including a boot partition and at least one general partition, characterised in that
at least one of said partitions comprises a Write Many Recoverable (WMR) partition wherein, in use, if a write command is issued to overwrite (ie, update) any information stored in the WMR partition the updated information is stored elsewhere on the storage medium and a pointer to this information kept so the information can be accessed as required during the remainder of the session, wherein a system reset causes the updated information, together with the list of pointers to this information, to be cleared, thus returning the WMR partition to its original state as configured in Unsupervised Mode.
Preferably the apparatus further comprises a supervising means (a Supervisor) separate of a central processing unit (CPU) of the computer system and made inaccessible to the user,
said supervising means allowing/restricting/prohibiting read/write operations upon the storage medium depending upon whether information to be read from a sector or written to a sector is operating system information or user information, whether the sector is in the boot partition or in a general partition and whether if the partition is a ge
