System and method to secure a computer system by selective control of write access to a data storage medium
First Claim
1. In a computer comprising a storage medium and an application running on said computer in conjunction with an operating system that manages access to a data storage device, a method of controlling write access to said data storage device by said application comprising:
using the computer operating a detection process in a secure mode access an attempt by the running application to write data to said data storage device;
retrieving from computer memory a permission data value result from a database comprised of data elements encoding either at least one permission value associated with the application or a value representing that no permission value for the application is present in the database; and
controlling write access by the running application to store data to the data storage device in dependence on said retrieved permission result.
Abstract
A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation.
32 Claims
1. Independent claim 1 is reproduced in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. A computer system for controlling write access to a first data storage device by at least one application running on a first computer system operatively connected to said first data storage device comprising:
the first data storage device;
a first rules database stored on the first computer system comprised of at least one application identifier data value and at least one corresponding permission data value;
an interceptor module operating a process on the first computer system in a secure mode that is configured by logic to monitor file system access on the first computer system by the at least one application operating distinct from the interceptor process, where such logic is configured to detect a write access attempt to the first data storage device by the at least one running application, the interceptor module being further adapted by logic to control the write access to the first data storage device by retrieving a permission value corresponding to the at least one application attempting the write access to the first data storage device and using the retrieved permission value to determine whether to permit or prevent such write access to the first data storage device.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28.
29. A method of controlling write access to a data storage device by an application running in application space on a first computer comprising:
receiving at a server computer from a plurality of second computers operatively connected to the server by means of a data network, a corresponding plurality of permission values associated with the application operating on the first computer;
storing said permission values;
generating an output permission value for the application in dependence on the stored permission values;
receiving at said server computer from the first computer operatively connected to the server by means of a data network, a request for a permission value associated with the application running on the first computer as a result of a process monitoring write access requests by the application on the first computer detecting an attempt by the application to write data to the data storage device, interrogating a local database of permission values and failing to locate a permission value associated with the application in the local database;
selecting the stored permission value in response to receiving the request; and
transmitting to said first computer the output permission value derived from the plurality of received permission values over the data network in order to cause the monitoring process operating on the first computer to permit or deny write access by the application to the data storage device in dependence on the transmitted output permission value.
Dependent claims: 30, 31, 32.
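To make the claimed flow concrete, the following is an added illustration (not code from the patent or from any product it covers) of the local rules lookup of claims 1 and 19 and the server-side aggregation of claim 29: the interceptor consults its local rules database keyed by application identifier and, when no permission value is present, asks the server for an output value derived from permission values reported by peer computers. The application identifiers, the majority-vote aggregation rule, default-deny on a miss and the simulated write attempts (plain function calls rather than a real file-system hook) are assumptions made for this example.

```python
from collections import Counter
from enum import Enum

class Permission(Enum):
    ALLOW = "allow"
    DENY = "deny"

class PermissionServer:
    """Server of claim 29: stores permission values reported by peer computers."""
    def __init__(self):
        self._reports = {}  # app_id -> list of Permission values received from peers

    def receive_report(self, app_id, permission):
        self._reports.setdefault(app_id, []).append(permission)

    def output_permission(self, app_id):
        # Assumed aggregation rule: majority vote; deny when tied or when no reports exist.
        votes = Counter(self._reports.get(app_id, []))
        return Permission.ALLOW if votes[Permission.ALLOW] > votes[Permission.DENY] else Permission.DENY

class Interceptor:
    """Interceptor of claims 1/19: local rules database first, server on a miss."""
    def __init__(self, rules, server):
        self.rules = dict(rules)  # app_id -> Permission (the local rules database)
        self.server = server
        self.log = []  # (app_id, path, decision, source) records kept for audit

    def on_write_attempt(self, app_id, path):
        perm, source = self.rules.get(app_id), "local"
        if perm is None:  # no permission value present locally: ask the server
            perm, source = self.server.output_permission(app_id), "server"
            self.rules[app_id] = perm  # cache the server's output value locally
        self.log.append((app_id, path, perm.value, source))
        return perm is Permission.ALLOW

def demo():
    # Constructed sample data: application identifiers and peer votes are made up.
    server = PermissionServer()
    for vote in (Permission.ALLOW, Permission.ALLOW, Permission.DENY):
        server.receive_report("editor.exe", vote)
    server.receive_report("dropper.exe", Permission.DENY)
    icpt = Interceptor({"backup.exe": Permission.ALLOW}, server)
    return (icpt.on_write_attempt("backup.exe", "/data/a.txt"),   # local rule: allow
            icpt.on_write_attempt("editor.exe", "/data/b.txt"),   # server majority: allow
            icpt.on_write_attempt("dropper.exe", "/data/c.txt"),  # server: deny
            icpt.on_write_attempt("unknown.exe", "/data/d.txt"))  # no data anywhere: deny

if __name__ == "__main__":
    print(demo())
```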
Specification