MOVING TARGET DEFENSES FOR DATA STORAGE DEVICES
First Claim
1. A moving target defense method for securing at least one data storage device, comprising:
- changing, within a storage appliance, a device type of the at least one data storage device from “disk” to “unknown;”
- obfuscating a command set for the at least one data storage device inside the storage appliance;
- after a command is sent to the at least one data storage device from a host computer via the storage appliance, re-obfuscating the command set and reconfiguring a communications channel between the storage appliance and the at least one data storage device; and
- statically linking an interface library on the host computer to an authorized application on the host computer, wherein the storage appliance allows the authorized application to access the at least one data storage device and blocks any other applications on the host computer from accessing the at least one data storage device.
Abstract
Systems and methods for actively securing data storage devices utilize the technique of storage virtualization. In embodiments, would-be cyberattackers are presented with many possible “ports” or “channels” by which to communicate over a network with a data storage device. Unknown to the attacker, at any given time, only one of these ports or channels is the “correct,” or “active,” port; all of the other ports are dummies that do not permit communication with the storage device. The active port is dynamically, randomly, and/or continually reconfigured, seriously impeding the ability of the attacker to access the data storage device through the active port.
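The abstract leaves the mechanics of the "active port" implicit. The simulation below is an added example, not code from the patent or its assignee, and it fills in assumptions the page does not state: the appliance and the authorized host share a secret key, the live port for each epoch is derived from that key with HMAC so the schedule never crosses the network, every port reports an "unknown" device type to enumeration, and the appliance advances the epoch after each command it forwards (the re-obfuscation step of claim 1). The class and function names are constructed for illustration.

```python
"""Toy model of the active-port moving target defense from the abstract.

Constructed example. Assumed (not stated on the page): shared key, HMAC-derived
port schedule, epoch advanced after every forwarded command.
"""
import hashlib
import hmac
import secrets
from typing import List, Tuple

NUM_PORTS = 16  # constructed value: ports visible to a would-be attacker


def active_port(shared_key: bytes, epoch: int, num_ports: int = NUM_PORTS) -> int:
    """Index of the single live port during `epoch`.

    Appliance and authorized host each compute this locally from the shared key,
    so nothing on the wire reveals which port is live.
    """
    tag = hmac.new(shared_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big") % num_ports


class StorageAppliance:
    """Fronts the real device with `num_ports` ports; all but one are dummies."""

    def __init__(self, shared_key: bytes, num_ports: int = NUM_PORTS):
        self.key = shared_key
        self.num_ports = num_ports
        self.epoch = 0
        self.dummy_hits: List[Tuple[int, int]] = []  # (epoch, port) probes against dummies

    def inquiry(self, port: int) -> str:
        # Live and dummy ports alike report an unknown device type, so device
        # enumeration cannot single out the live port (claim 1, first element).
        return "unknown"

    def command(self, port: int, cmd: bytes) -> bytes:
        if port != active_port(self.key, self.epoch, self.num_ports):
            # Traffic to a dummy port is the detection signal: no authorized
            # application ever sends there.
            self.dummy_hits.append((self.epoch, port))
            return b"NO DEVICE"
        reply = b"OK:" + cmd
        self.epoch += 1  # reconfigure the channel after each forwarded command
        return reply


class AuthorizedApp:
    """Host application linked against the interface library that holds the key."""

    def __init__(self, shared_key: bytes, num_ports: int = NUM_PORTS):
        self.key = shared_key
        self.num_ports = num_ports
        self.epoch = 0  # kept in lockstep with the appliance

    def send(self, appliance: StorageAppliance, cmd: bytes) -> bytes:
        port = active_port(self.key, self.epoch, self.num_ports)
        reply = appliance.command(port, cmd)
        if reply != b"NO DEVICE":
            self.epoch += 1
        return reply


def scan_all_ports(appliance: StorageAppliance) -> Tuple[int, int]:
    """Keyless caller probing every port once: returns (live replies, dummy replies).

    The sweep reaches the device on the port that is live when it starts, after
    which the appliance rotates; every miss is recorded in `dummy_hits`.
    """
    live = dummy = 0
    for port in range(appliance.num_ports):
        if appliance.command(port, b"READ") == b"NO DEVICE":
            dummy += 1
        else:
            live += 1
    return live, dummy


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    appliance = StorageAppliance(key)
    client = AuthorizedApp(key)
    for i in range(3):
        print(client.send(appliance, b"READ block %d" % i))
    print("sweep (live, dummy):", scan_all_ports(appliance))
    print("dummy-port probes logged:", len(appliance.dummy_hits))
```

Two points the toy makes visible. First, the defender's signal is not the blocked request but the log of dummy-port traffic, which an authorized application never generates. Second, because this model rotates on every forwarded command, a probe that happens to land on the live port also moves the channel out from under the authorized application; a deployable design would tie the epoch to something both legitimate ends can observe (a shared clock, or a counter only the authorized side advances) rather than to any forwarded command.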
11 Claims
1. Reproduced above under First Claim.
2-10. Dependent claims, not reproduced on this page.
11-20. (canceled)