Apparatus and method for preventing access by malware to locally backed up data

US 10,049,215 B2
Filed: 09/02/2016
Issued: 08/14/2018
Est. Priority Date: 09/15/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing malware protection in connection with processing circuitry including hardware resources and software resources managed by a primary operating system, the method comprising:

providing a trusted operating system to control access to a portion of a local storage area of the hardware resources, wherein only the trusted operating system is configured to enable writing to the portion of the local storage area, wherein the local storage area comprises a drive that is access restrictable based on definable ranges comprising at least a first partition including the primary operating system, a second partition including the trusted operating system that is read only, and a third partition including the portion of the local storage area; and

storing backup files for the primary operating system in the portion of the local storage area responsive to the trusted operating system granting access to write to the portion of the local storage area, wherein the portion of the local storage area is normally maintained in a read only state, and wherein storing the backup files comprises enabling, via the trusted operating system, writing to the portion of the local storage area via controlling access to a key accessible only to the trusted operating system, and the key is only available to the trusted operating system responsive to determining a predefined boot sequence was employed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing malware protection in connection with processing circuitry including hardware resources and software resources managed by a primary operating system may include providing a trusted operating system to control access to a portion of a local storage area of the hardware resources. In this context, only the trusted operating system is configured to enable writing to the portion of the local storage area. The method may further include storing backup files for the primary operating system in the portion of the local storage area responsive to the trusted operating system granting access to write to the portion of the local storage area.

13 Citations

14 Claims

1. A method for providing malware protection in connection with processing circuitry including hardware resources and software resources managed by a primary operating system, the method comprising:
- providing a trusted operating system to control access to a portion of a local storage area of the hardware resources, wherein only the trusted operating system is configured to enable writing to the portion of the local storage area, wherein the local storage area comprises a drive that is access restrictable based on definable ranges comprising at least a first partition including the primary operating system, a second partition including the trusted operating system that is read only, and a third partition including the portion of the local storage area; and
  
  storing backup files for the primary operating system in the portion of the local storage area responsive to the trusted operating system granting access to write to the portion of the local storage area, wherein the portion of the local storage area is normally maintained in a read only state, and wherein storing the backup files comprises enabling, via the trusted operating system, writing to the portion of the local storage area via controlling access to a key accessible only to the trusted operating system, and the key is only available to the trusted operating system responsive to determining a predefined boot sequence was employed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising time stamping, via the trusted operating system, data being backed up to enable restoration of the data based upon time of backup.
  - 3. The method of claim 1, further comprising determining, via the trusted operating system, whether new data in need of backup exists and, responsive to determining existence of the new data, employing the key to enable writing to a backup area comprising the portion of the local storage area.
  - 4. The method of claim 3, wherein after writing to the backup area, the trusted operating system makes the backup area read only before transferring control to the primary operating system.
  - 5. The method of claim 3, wherein the trusted operating system does not store any pre-extant data in the backup area.
  - 6. The method of claim 1, wherein the predefined boot sequence comprises, upon booting, ensuring that the drive boots from the second partition comprising the trusted operating system before primary operating system booting.
  - 7. The method of claim 1, further comprising enabling boundaries between partitions to be moved to enable data to be transitioned between read only and read-write portions of the drive.

8. An apparatus for providing malware protection, the apparatus comprising processing circuitry including hardware resources and software resources managed by a primary operating system, the apparatus further including a trusted operating system configured to control access to a portion of a local storage area of the hardware resources,wherein the local storage area comprises a drive that is access restrictable based on definable ranges comprising at least a first partition including the primary operating system, a second partition including the trusted operating system, and a third partition including the portion of the local storage area, wherein the second partition is read only;
- wherein the portion of the local storage area stores backup files for the primary operating system and is normally maintained in a read only state, and wherein the trusted operating system is configured to enable writing to the portion of the local storage area via controlling access to a key accessible only to the trusted operating system, and the key is only available to the trusted operating system responsive to determining a predefined boot sequence was employed; and
  
  wherein only the trusted program operating system is configured to enable writing to the portion of the local storage area.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the trusted operating system time stamps data being backed up to enable restoration of the data based upon time of backup.
  - 10. The apparatus of claim 8, wherein the trusted operating system determines whether new data in need of backup exists and, responsive to determining existence of the new data, employing the key to enable writing to a backup area comprising the portion of the local storage area.
  - 11. The apparatus of claim 10, wherein after writing to the backup area, the trusted operating system makes the backup area read only before transferring control to the primary operating system.
  - 12. The apparatus of claim 10, wherein the trusted operating system does not store any pre-extant data in the backup area.
  - 13. The apparatus of claim 8, wherein the predefined boot sequence comprises, upon booting, ensuring that the drive boots from the second partition comprising the trusted operating system before primary operating system booting.
  - 14. The apparatus of claim 8, wherein boundaries between partitions are movable to enable data to be transitioned between read only and read-write portions of the drive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johns Hopkins University
Original Assignee
Johns Hopkins University
Inventors
Challener, David C., Kruus, Peter S., Fink, Russell A., Farlow, James F.
Primary Examiner(s)
Chen, Eric

Application Number

US15/255,551
Publication Number

US 20170076096A1
Time in Patent Office

711 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

G06F 21/53   by executing in a restricte...

G06F 21/567   using dedicated hardware

G06F 2201/84   Using snapshots, i.e. a log...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2147   Locking files

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

Apparatus and method for preventing access by malware to locally backed up data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for preventing access by malware to locally backed up data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links