Method and system for providing data security in a file system monitor with stack positioning

US 7,103,783 B1
Filed: 09/29/2000
Issued: 09/05/2006
Est. Priority Date: 09/29/2000
Status: Active Grant

First Claim

Patent Images

1. A method for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, the method comprising the steps of:

detecting an I/O request to said first device driver;

determining whether said first device driver has been previously called;

if said first device driver has not been previously called, detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;

if said first device driver has been previously called, detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;

if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and

if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A System for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers (81, 82, 83, 84) for accessing data in a data storage device. The first device driver detects an I/O request, and determines whether the first device driver is functionally uppermost in the layered plurality of device drivers. If the first device driver is functionally uppermost in the layered plurality of device drivers, the method performs the I/O request (80) in the first device driver. If the device driver is not functionally uppermost in the layered plurality of device drivers, the method denies the I/O request in the first device driver, and allows the I/O request to be performed by the next lowest-level driver in the layered plurality of device drivers.

26 Citations

View as Search Results

26 Claims

1. A method for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, the method comprising the steps of:
- detecting an I/O request to said first device driver;
  
  determining whether said first device driver has been previously called;
  
  if said first device driver has not been previously called, detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver has been previously called, detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein said first device driver is a file system monitor.
  - 3. The method of claim 1 wherein the data is stored in a secure virtual file system, and wherein the step of performing the I/O request further comprises the step of implementing data security measures.
  - 4. The method of claim 1 wherein the data is stored in encrypted form, and wherein the step of performing the I/O request further comprises the step of decrypting the data.
  - 5. The method of claim 1 wherein the step of performing the I/O request further comprises the step of checking the data for viruses.

6. A system for providing data security, the system comprising a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, wherein said first device driver:
- detects an I/O request;
  
  determines whether said first device driver has been previously called;
  
  if said first device driver has not been previously called, detects an initial calling module address, stores said initial calling module address, and concludes that said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver has been previously called, detects a second calling module address, compares said second calling module address to the initial calling module address, and concludes that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, performs the I/O request; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, denies the I/O request, and allows the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6 wherein said first device driver is a file system monitor.
  - 8. The method of claim 6 further comprising a secure virtual file system for storing the data, and wherein said first device driver performs the I/O request by implementing data security measures.
  - 9. The method of claim 6 wherein the data is stored in encrypted form, and wherein said first device driver performs the I/O request by decrypting the data.
  - 10. The method of claim 6 wherein said first device driver performs the I/O request by checking the data for viruses.

11. A method for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, the method comprising the steps of:
- detecting an I/O request to said first device driver;
  
  determining whether said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver by setting a first device driver shutdown flag and initiating a re-hook process;
  
  the re-hook process comprising;
  
  counting the number of times the re-hook process has been initiated;
  
  checking whether the number of times has reached a predetermined maximum threshold;
  
  if the number of times has reached a predetermined maximum threshold, initiating programmable security response; and
  
  if the number of times has not reached a predetermined maximum threshold, initiating reattachment of said first device driver functionally uppermost in the layered plurality of device drivers, unsetting said first device driver shutdown flag and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11 wherein the programmable security response comprises the step of destroying the data.
  - 13. The method of claim 11 wherein the data is stored in a secure virtual file system, and wherein the step of destroying the data further comprises the step of destroying the secure virtual file system.
  - 14. The method of claim 11 wherein the programmable security response comprises the step of terminating open applications.
  - 15. The method of claim 11 wherein the programmable security response comprises the step of destroying said first device driver on the data storage device.
  - 16. The method of claim 11 wherein the programmable security response comprises the step of halting the operation of the computer.
  - 17. The method of claim 11 wherein the programmable security response comprises the step of causing the computer to enter a state requiring reboot.

18. A system for providing data security, the system comprising a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, wherein said first device driver:
- detects an I/O request;
  
  determines whether said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, performs the I/O request; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, denies the I/O request by setting a first device driver shutdown flag and calling a re-hook system;
  
  wherein the re-hook system comprises a counter that counts the number of times the re-hook system has been initiated to check whether the number of times has reached a predetermined maximum threshold,if the number of times has reached a predetermined maximum threshold, the re-hook system initiates a programmable security response; and
  
  if the number of times has not reached a predetermined maximum threshold, the re-hook system initiates reattachment of said first device driver functionally uppermost in the layered plurality of device drivers, unsets said first device driver shutdown flag and allows the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18 wherein the programmable security response destroys the data.
  - 20. The system of claim 18 further comprising a secure virtual file system for storing the data, and wherein the programmable security response destroys the data and destroys the secure virtual file system.
  - 21. The system of claim 18 wherein the programmable security response terminates open applications.
  - 22. The system of claim 18 wherein the programmable security response destroys said first device driver on the data storage device.
  - 23. The system of claim 18 wherein the programmable security response halts the operation of the computer.
  - 24. The system of claim 18 wherein the programmable security response causes the computer to enter a state requiring reboot.

25. A machine-readable medium comprising secured data and a first device driver program for providing data security when operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, said first device driver program comprising computer-implemented instructions for:
- computer-implemented instructions for detecting an I/O request to said first device driver;
  
  computer-implemented instructions for determining whether said first device driver has been previously called;
  
  if said first device driver has not been previously called, computer-implemented instructions for detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver has been previously called, computer-implemented instructions for detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, computer-implemented instructions for performing the I/O request in said first device driver; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, computer-implemented instructions for denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

26. A computer-implemented first device driver for providing data security when operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, said first device driver comprising:
- means for detecting an I/O request to said first device driver;
  
  means for determining whether said first device driver has been previously called;
  
  if said first device driver has not been previously called, means for detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver has been previously called, means for detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, means for performing the I/O request in said first device driver; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, means for denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GigaMedia Access Corp. (Pinion Software Inc.)
Original Assignee
Pinion Software Inc.
Inventors
Friedman, George, Starek, Robert Phillip, Murdock, Carlos A.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US09/701,201
Time in Patent Office

2,167 Days
Field of Search

713164-166, 713200-202, 709220-229, 719/321, 719/327, 719/330, 710/26, 710/28, 710/43
US Class Current

726/15
CPC Class Codes

G06F 21/6281 at program execution time, ...

Method and system for providing data security in a file system monitor with stack positioning

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing data security in a file system monitor with stack positioning

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links