DATA LOSS PREVENTION

US 20190318120A1
Filed: 06/21/2019
Published: 10/17/2019
Est. Priority Date: 12/29/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system for storing data, comprising:

one or more processors; and

memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for;

implementing a packing algorithm configured to store a first set of files in a first file system to create an amount of slack space on a storage medium, wherein the slack space comprises space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system;

receiving a request to store data on the storage medium; and

in response to receiving the request;

determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;

in response to determining to use the second file system, determining, based on an index of the second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and

storing the data at the determined location in the slack space.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

2 Citations

23 Claims

1. A computer system for storing data, comprising:
- one or more processors; and
  
  memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for;
  
  implementing a packing algorithm configured to store a first set of files in a first file system to create an amount of slack space on a storage medium, wherein the slack space comprises space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system;
  
  receiving a request to store data on the storage medium; and
  
  in response to receiving the request;
  
  determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;
  
  in response to determining to use the second file system, determining, based on an index of the second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and
  
  storing the data at the determined location in the slack space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 23)
- - 2. The system of claim 1, wherein the index of the second set of files is stored, along with instructions for storing and reading the second set of files from the slack space, as a slack-space file-system program.
  - 3. The system of claim 2, wherein the slack-space file-system program is stored in a registry of the system.
  - 4. The system of claim 2, wherein the slack-space file-system program is encrypted and compressed.
  - 5. The system of claim 2, wherein the one or more programs include instructions for initializing the slack-space file-system program via a loader program, and wherein the loader program is stored as a library of the system.
  - 6. The system of claim 5, wherein the loader program is stored as a first dynamic-link library.
  - 7. The system of claim 6, wherein the loader program is configured to be executed when the first dynamic-link library is called by a second dynamic-link library.
  - 23. The system of claim 1, wherein the index of the second set of files that are stored in the slack space of the first file system is inaccessible to the first file system.

8. A method for storing data, performed at a computer system comprising one or more processors and memory, the method comprising:
- implementing a packing algorithm configured to store a first set of files in a first file system to create an amount of slack space on a storage medium, wherein the slack space comprises space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system;
  
  receiving a request to store data on the storage medium; and
  
  in response to receiving the request;
  
  determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;
  
  in response to determining to use the second file system, determining, based on an index of the second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and
  
  storing the data at the determined location in the slack space.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the index of the second set of files is stored, along with instructions for storing and reading the second set of files from the slack space, as a slack-space file-system program.
  - 10. The method of claim 9, wherein the slack-space file-system program is stored in a registry of the system.
  - 11. The method of claim 9, wherein the slack-space file-system program is encrypted and compressed.
  - 12. The method of claim 9, comprising initializing the slack-space file-system program via a loader program, wherein the loader program is stored as a library of the system.
  - 13. The method of claim 12, wherein the loader program is stored as a first dynamic-link library.
  - 14. The method of claim 13, wherein the loader program is configured to be executed when the first dynamic-link library is called by a second dynamic-link library.

15. A non-transitory computer-readable storage medium storing one or more programs configured to be executed by one or more processors of a device with one or more processors and memory, the one or more programs including instructions for:
- implementing a packing algorithm configured to store a first set of files in a first file system to create an amount of slack space on a storage medium, wherein the slack space comprises space in the storage medium between the end of a file in the first set of files and the end of a cluster allocated by the first file system to store the file, wherein the cluster is a predetermined minimum amount of contiguous space that can be allocated by the first file system;
  
  receiving a request to store data on the storage medium; and
  
  in response to receiving the request;
  
  determining whether to use the first file system or a second file system to store the data, wherein the second file system is configured to store a second set of files in the slack space of the first file system;
  
  in response to determining to use the second file system, determining, based on the index of a second set of files that are stored in the slack space, a location in the slack space on the storage medium in which to store the data; and
  
  storing the data at the determined location in the slack space.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the index of the second set of files is stored, along with instructions for storing and reading the second files from the slack space, as a slack-space file-system program.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the slack-space file-system program is stored in a registry of the system.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the slack-space file-system program is encrypted and compressed.
  - 19. The non-transitory computer-readable storage medium of claim 16, the one or more programs including instructions for initializing the slack-space file-system program via a loader program, wherein the loader program is stored as a library of the system.
  - 20. The non-transitory computer-readable storage medium of claim 19, wherein the loader program is stored as a first dynamic-link library.
  - 21. The non-transitory computer-readable storage medium of claim 20, wherein the loader program is configured to be executed when the first dynamic-link library is called by a second dynamic-link library.

22. A computer system for storing sensitive data in an alternate data stream (ADS), comprising:
- one or more processors; and
  
  memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for;
  
  storing sensitive data in an alternate data stream of a file;
  
  storing non-sensitive data in an unnamed data stream of the file, wherein the non-sensitive data comprises one or more indicators that the non-sensitive data includes sensitive data that is not included in the non-sensitive data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Noblis, Inc.
Original Assignee
Noblis, Inc.
Inventors
MONACO, Matthew K., NEGRON, Daniel, SATIRA, Brian

Granted Patent

US 10,915,654 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/1727   Details of free space manag...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2107   File encryption

G06F 3/0608   Saving storage space on sto...

G06F 3/064   Management of blocks

H04L 63/1441   Countermeasures against mal...

DATA LOSS PREVENTION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

2 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

DATA LOSS PREVENTION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links