Method and system for providing data security in a file system monitor with stack positioning
Abstract
A system for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers (81, 82, 83, 84) for accessing data in a data storage device. The first device driver detects an I/O request, and determines whether the first device driver is functionally uppermost in the layered plurality of device drivers. If the first device driver is functionally uppermost in the layered plurality of device drivers, the method performs the I/O request (80) in the first device driver. If the device driver is not functionally uppermost in the layered plurality of device drivers, the method denies the I/O request in the first device driver, and allows the I/O request to be performed by the next lowest-level driver in the layered plurality of device drivers.
26 Claims
1. A method for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, the method comprising the steps of:
- detecting an I/O request to said first device driver;
- determining whether said first device driver has been previously called;
- if said first device driver has not been previously called, detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
- if said first device driver has been previously called, detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
- if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
- if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

(Dependent claims: 2, 3, 4, 5)

6. A system for providing data security, the system comprising a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, wherein said first device driver:
- detects an I/O request;
- determines whether said first device driver has been previously called;
- if said first device driver has not been previously called, detects an initial calling module address, stores said initial calling module address, and concludes that said first device driver is functionally uppermost in the layered plurality of device drivers;
- if said first device driver has been previously called, detects a second calling module address, compares said second calling module address to the initial calling module address, and concludes that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
- if said first device driver is functionally uppermost in the layered plurality of device drivers, performs the I/O request; and
- if said first device driver is not functionally uppermost in the layered plurality of device drivers, denies the I/O request, and allows the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

(Dependent claims: 7, 8, 9, 10)

11. A method for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, the method comprising the steps of:
- detecting an I/O request to said first device driver;
- determining whether said first device driver is functionally uppermost in the layered plurality of device drivers;
- if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
- if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver by setting a first device driver shutdown flag and initiating a re-hook process;

the re-hook process comprising:
- counting the number of times the re-hook process has been initiated;
- checking whether the number of times has reached a predetermined maximum threshold;
- if the number of times has reached a predetermined maximum threshold, initiating programmable security response; and
- if the number of times has not reached a predetermined maximum threshold, initiating reattachment of said first device driver functionally uppermost in the layered plurality of device drivers, unsetting said first device driver shutdown flag and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

(Dependent claims: 12, 13, 14, 15, 16, 17)

18. A system for providing data security, the system comprising a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, wherein said first device driver:
- detects an I/O request;
- determines whether said first device driver is functionally uppermost in the layered plurality of device drivers;
- if said first device driver is functionally uppermost in the layered plurality of device drivers, performs the I/O request; and
- if said first device driver is not functionally uppermost in the layered plurality of device drivers, denies the I/O request by setting a first device driver shutdown flag and calling a re-hook system;

wherein the re-hook system comprises a counter that counts the number of times the re-hook system has been initiated to check whether the number of times has reached a predetermined maximum threshold,
- if the number of times has reached a predetermined maximum threshold, the re-hook system initiates a programmable security response; and
- if the number of times has not reached a predetermined maximum threshold, the re-hook system initiates reattachment of said first device driver functionally uppermost in the layered plurality of device drivers, unsets said first device driver shutdown flag and allows the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

(Dependent claims: 19, 20, 21, 22, 23, 24)

25. A machine-readable medium comprising secured data and a first device driver program for providing data security when operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, said first device driver program comprising computer-implemented instructions for:
- computer-implemented instructions for detecting an I/O request to said first device driver;
- computer-implemented instructions for determining whether said first device driver has been previously called;
- if said first device driver has not been previously called, computer-implemented instructions for detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
- if said first device driver has been previously called, computer-implemented instructions for detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
- if said first device driver is functionally uppermost in the layered plurality of device drivers, computer-implemented instructions for performing the I/O request in said first device driver; and
- if said first device driver is not functionally uppermost in the layered plurality of device drivers, computer-implemented instructions for denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.

26. A computer-implemented first device driver for providing data security when operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, said first device driver comprising:
- means for detecting an I/O request to said first device driver;
- means for determining whether said first device driver has been previously called;
- if said first device driver has not been previously called, means for detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
- if said first device driver has been previously called, means for detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address;
- if said first device driver is functionally uppermost in the layered plurality of device drivers, means for performing the I/O request in said first device driver; and
- if said first device driver is not functionally uppermost in the layered plurality of device drivers, means for denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
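
The decision logic of claims 1 and 11, modelled in user-space C as an added example (not code from the patent or from any driver it describes). Assumptions: the addresses and the `MAX_REHOOKS` value are constructed, all type and function names are hypothetical, and feeding claim 1's caller-address check into claim 11's re-hook counter is a combination made here for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_REHOOKS 3        /* assumed value; the claims say only "predetermined" */
#define OS_CALLER   0x1000u  /* constructed address of the expected calling module */
#define INTERLOPER  0x2000u  /* constructed address of a driver layered above this one */

enum verdict { PERFORM_HERE, REHOOK_AND_PASS_DOWN, SECURITY_RESPONSE };

struct monitor {
    int called_before, shutdown_flag;
    uintptr_t initial_caller;   /* calling module address stored on the first call */
    unsigned rehook_count;
};

/* Claims 1 and 6: store the first caller, then require every later caller to match it. */
static int is_uppermost(struct monitor *m, uintptr_t caller)
{
    if (!m->called_before) {
        m->called_before = 1;
        m->initial_caller = caller;
    }
    return caller == m->initial_caller;
}

/* Claims 11 and 18: deny, count the re-hook, escalate once the threshold is reached. */
enum verdict on_io_request(struct monitor *m, uintptr_t caller)
{
    if (is_uppermost(m, caller))
        return PERFORM_HERE;
    m->shutdown_flag = 1;
    if (++m->rehook_count >= MAX_REHOOKS)
        return SECURITY_RESPONSE;   /* shutdown flag stays set */
    m->shutdown_flag = 0;           /* the reattachment itself is not modelled */
    return REHOOK_AND_PASS_DOWN;    /* a lower-level driver performs the request */
}

/* Replays a caller sequence on a fresh monitor and returns the last verdict. */
enum verdict replay(const uintptr_t *callers, size_t n)
{
    struct monitor m = {0};
    enum verdict v = PERFORM_HERE;
    for (size_t i = 0; i < n; i++)
        v = on_io_request(&m, callers[i]);
    return v;
}

int main(void)
{
    const uintptr_t seq[] = { OS_CALLER, INTERLOPER, OS_CALLER, INTERLOPER, INTERLOPER };
    printf("last verdict: %d\n", replay(seq, sizeof seq / sizeof seq[0]));
}
```

The check as claimed trusts whichever module calls first: in this model, a sequence that begins with `INTERLOPER` stores that address as the baseline and treats `OS_CALLER` as the mismatch.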
Specification