Method and apparatus for real-time secure file deletion
First Claim
1. A method for enhancing file system delete calls of an operating system, comprising:
- intercepting a file system call, the file system call intended to perform a function with respect to data stored on a storage device;
determining whether the file system call is a delete call; and
if the file system call is a delete call, performing supplemental processing comprising;
opening a handle to a file identified in the delete call;
requesting a size of the file;
overwriting the file with a specified overwrite array;
generating a force commit to disk to flush a write buffer of the storage device and ensure that the overwrite array is actually written to the storage device;
closing the handle to the file;
passing the delete call down the file system such that proper flags are set for the delete call to have properly completed;
overwriting a filename of the file; and
modifying the delete call into a get file attribute call and passing the get file attribute call down the file system layers.
13 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus are provided that enhance file system calls to a file system structure of an operating system. In particular, file system calls can be enhanced to provide real-time secure file deletion on an ongoing basis. A file system call that is intended to perform a function with respect to data stored on a storage device is intercepted. It is then determined whether the file system call is of a type that should be processed. If not, the original file system call is passed on through the file system. If the file system call should be processed, supplemental processing is performed to enhance the original file system call and the file system call is transparently returned to the calling system application. In embodiment, real-time secure file deletion is implemented using a vendor supplied driver (VSD) executing within the installable file system (IFS) of WINDOWS 95.
97 Citations
7 Claims
-
1. A method for enhancing file system delete calls of an operating system, comprising:
-
intercepting a file system call, the file system call intended to perform a function with respect to data stored on a storage device; determining whether the file system call is a delete call; and if the file system call is a delete call, performing supplemental processing comprising; opening a handle to a file identified in the delete call; requesting a size of the file; overwriting the file with a specified overwrite array; generating a force commit to disk to flush a write buffer of the storage device and ensure that the overwrite array is actually written to the storage device; closing the handle to the file; passing the delete call down the file system such that proper flags are set for the delete call to have properly completed; overwriting a filename of the file; and modifying the delete call into a get file attribute call and passing the get file attribute call down the file system layers. - View Dependent Claims (2, 3, 4)
-
-
5. A method for enhancing file system write calls, comprising:
-
identifying a write call with a length of zero which indicates that the write call is placing a new end-of-file (EOF) marker; determining a position for the new end-of-file (EOF) marker directly from the write call; obtaining a true file size of the file using an enumerate handle function; determining overhang, if any, of the file based upon the true file size and the position of the new end-of-file (EOF) marker, where the overhang is a portion of the file that existed prior to the write call and that extends past the new end-of-file (EOF) marker; overwriting the overhang with a specified overwrite array by directing the intercepted write call to the file system with changed parameters such that the overhang is overwritten and committed to disk; and passing the intercepted write call down the file system to place the new end-of-file (EOF) marker as originally intended. - View Dependent Claims (6)
-
-
7. A method for enhancing file system open (create always) calls, comprising:
-
intercepting an open (create always) call; directing a "ring zero" open call through the file system; when the ring zero open call is passed back, determining whether a handle for the file is returned; if a handle is returned indicating an existing file, directing a ring zero delete call for the existing file which is then processed as with other intercepted delete calls; and if a handle is not returned, passing the intercepted open (create always) call down the file system.
-
Specification