Method and apparatus for identifying tampering of data in a file system
First Claim
Patent Images
1. A method for determining whether a file system has been tampered with, comprising:
- retrieving a file system digital signature for the file system,wherein the file system comprises a root block, a first indirect block, a second indirect block, a third indirect block, a fourth indirect block, and a data block,wherein the root block, the first indirect block, the second indirect block, the third indirect block, the fourth indirect block, and the data block are located on distinct metaslabs within a storage pool,wherein the root block comprises references to the first indirect block and the second indirect block,wherein the first indirect block comprises a first reference to the third indirect block,wherein a first checksum is generated using content of the third indirect block and is stored in the first indirect block,wherein the second indirect block comprises a second reference to the fourth indirect block,wherein a second checksum is generated using content of the fourth indirect block and is stored in the second indirect block,wherein the root block comprises the file system digital signature, andwherein the file system digital signature is generated by applying a checksum function to the first checksum and the second checksum;
determining whether the retrieved file system digital signature is equal to a stored file system digital signature;
obtaining the data block from the file system using the third indirect block, if the retrieved file system digital signature is equal to the stored file system digital signature; and
notifying a user, if the retrieved file system digital signature is not equal to the stored file system digital signature.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for storing a data block, including storing the data block in a storage pool, obtaining a data block location, calculating a secure data block checksum for the data block, and storing a first indirect block in the storage pool, wherein the first indirect block comprises the data block location and the secure data block checksum.
51 Citations
5 Claims
-
1. A method for determining whether a file system has been tampered with, comprising:
-
retrieving a file system digital signature for the file system, wherein the file system comprises a root block, a first indirect block, a second indirect block, a third indirect block, a fourth indirect block, and a data block, wherein the root block, the first indirect block, the second indirect block, the third indirect block, the fourth indirect block, and the data block are located on distinct metaslabs within a storage pool, wherein the root block comprises references to the first indirect block and the second indirect block, wherein the first indirect block comprises a first reference to the third indirect block, wherein a first checksum is generated using content of the third indirect block and is stored in the first indirect block, wherein the second indirect block comprises a second reference to the fourth indirect block, wherein a second checksum is generated using content of the fourth indirect block and is stored in the second indirect block, wherein the root block comprises the file system digital signature, and wherein the file system digital signature is generated by applying a checksum function to the first checksum and the second checksum; determining whether the retrieved file system digital signature is equal to a stored file system digital signature; obtaining the data block from the file system using the third indirect block, if the retrieved file system digital signature is equal to the stored file system digital signature; and notifying a user, if the retrieved file system digital signature is not equal to the stored file system digital signature. - View Dependent Claims (2, 3, 4)
-
-
5. A computer system for determining whether a file system has been tampered with, comprising:
-
a processor; a memory; a storage device; and software instructions stored in the memory for enabling the computer system under control of the processor, to; retrieve a file system digital signature for the file system, wherein the file system comprises a root block, a first indirect block, a second indirect block, a third indirect block, a fourth indirect block, and a data block, wherein the root block, the first indirect block, the second indirect block, the third indirect block, the fourth indirect block, and the data block are located on distinct metaslabs within a storage pool, wherein the root block comprises references to the first indirect block and the second indirect block, wherein the first indirect block comprises a first reference to a third indirect block, wherein a first checksum is generated using content of the third indirect block and is stored in the first indirect block, wherein the second indirect block comprises a second reference to a fourth indirect block, wherein a second checksum is generated using content of the fourth indirect block and is stored in the second indirect block, wherein the root block comprises the file system digital signature, and wherein the file system digital signature is generated by applying a checksum function to the first checksum and the second checksum; determine whether the retrieved file system digital signature is equal to a stored file system digital signature; obtain the data block from the file system using the third indirect block, if the retrieved file system digital signature is equal to the stored file system digital signature; and notify a user if the retrieved file system digital signature is not equal to the stored file system digital signature.
-
Specification