Data loss prevention
First Claim
1. A computer system for storing data, comprising:
- one or more processors; and
- memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:
  - implementing a packing algorithm configured to determine a plurality of locations at which to store a first set of files in a first file system, wherein one or more of the locations is selected so as to increase an amount of slack space on a storage medium, wherein the slack space comprises unused space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system, and wherein:
    - implementing the packing algorithm comprises replacing a default packing algorithm with the packing algorithm;
    - the default packing algorithm is configured to create a minimized amount of slack space; and
    - increasing an amount of slack space on a storage medium comprises creating an increased amount of slack space that is greater than the minimized amount of slack space;
  - receiving a request to store data on the storage medium; and
  - in response to receiving the request:
    - determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;
    - in response to determining to use the second file system, determining, based on an index of the second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and
    - storing the data at the determined location in the slack space.
Abstract
Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.
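The slack-space definition and the index-based placement described above can be modelled in memory. This is an added example, not code from the patent: the 4096-byte cluster size, the first-fit placement, the `SlackStore` class and all names and sample sizes are assumptions, and the storage medium is a plain `bytearray`.

```python
from dataclasses import dataclass, field

CLUSTER = 4096  # assumed cluster size in bytes


def slack_bytes(file_size: int, cluster: int = CLUSTER) -> int:
    """Unused bytes between the end of a file and the end of its last cluster."""
    if file_size == 0:
        return 0  # in this model an empty file has no cluster allocated
    return (-file_size) % cluster


@dataclass
class SlackStore:
    """Hypothetical second file system: an index of extents inside slack regions."""
    medium: bytearray
    free: list = field(default_factory=list)   # [(offset, length)] of unused slack
    index: dict = field(default_factory=dict)  # name -> [(offset, length)]

    def add_host_file(self, first_cluster: int, size: int) -> None:
        """Register the slack left behind by a file of the first file system."""
        slack = slack_bytes(size)
        if slack:
            self.free.append((first_cluster * CLUSTER + size, slack))

    def store(self, name: str, data: bytes) -> list:
        """Choose slack locations from the index (first fit) and write the data."""
        if sum(length for _, length in self.free) < len(data):
            raise OSError("not enough slack space")
        extents, pos = [], 0
        while pos < len(data):
            off, length = self.free.pop(0)
            take = min(length, len(data) - pos)
            self.medium[off:off + take] = data[pos:pos + take]
            extents.append((off, take))
            if take < length:  # keep the unused tail of this slack region
                self.free.insert(0, (off + take, length - take))
            pos += take
        self.index[name] = extents
        return extents

    def read(self, name: str) -> bytes:
        return b"".join(bytes(self.medium[o:o + n]) for o, n in self.index[name])


def demo():
    store = SlackStore(bytearray(8 * CLUSTER))       # constructed sample medium
    store.add_host_file(first_cluster=0, size=4000)  # leaves 96 bytes of slack
    store.add_host_file(first_cluster=1, size=6000)  # two clusters, 2192 slack
    store.add_host_file(first_cluster=3, size=8192)  # exact fit, no slack
    extents = store.store("notes.txt", b"A" * 150)   # spans two slack regions
    return extents, store.read("notes.txt")
```

The data is only recoverable through the index, which is why a tool that walks the first file system's directory entries alone never sees it.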
23 Claims
10. A method for storing data, performed at a computer system comprising one or more processors and memory, the method comprising:
- implementing a packing algorithm configured to determine a plurality of locations at which to store a first set of files in a first file system, wherein one or more of the locations is selected so as to increase an amount of slack space on a storage medium, wherein the slack space comprises unused space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system, and wherein:
  - implementing the packing algorithm comprises replacing a default packing algorithm with the packing algorithm;
  - the default packing algorithm is configured to create a minimized amount of slack space; and
  - increasing an amount of slack space on a storage medium comprises creating an increased amount of slack space that is greater than the minimized amount of slack space;
- receiving a request to store data on the storage medium; and
- in response to receiving the request:
  - determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;
  - in response to determining to use the second file system, determining, based on an index of the second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and
  - storing the data at the determined location in the slack space.
17. A non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors of a device with one or more processors and memory, the one or more programs including instructions for:
- implementing a packing algorithm configured to determine a plurality of locations at which to store a first set of files in a first file system, wherein one or more of the locations is selected so as to increase an amount of slack space on a storage medium, wherein the slack space comprises unused space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system, and wherein:
  - implementing the packing algorithm comprises replacing a default packing algorithm with the packing algorithm;
  - the default packing algorithm is configured to create a minimized amount of slack space; and
  - increasing an amount of slack space on a storage medium comprises creating an increased amount of slack space that is greater than the minimized amount of slack space;
- receiving a request to store data on the storage medium; and
- in response to receiving the request:
  - determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;
  - in response to determining to use the second file system, determining, based on the index of a second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and
  - storing the data at the determined location in the slack space.
Specification