Method and apparatus for identifying tampering of data in a file system

US 7,412,450 B1
Filed: 05/26/2004
Issued: 08/12/2008
Est. Priority Date: 05/26/2004
Status: Active Grant

First Claim

Patent Images

1. A method for determining whether a file system has been tampered with, comprising:

retrieving a file system digital signature for the file system,wherein the file system comprises a root block, a first indirect block, a second indirect block, a third indirect block, a fourth indirect block, and a data block,wherein the root block, the first indirect block, the second indirect block, the third indirect block, the fourth indirect block, and the data block are located on distinct metaslabs within a storage pool,wherein the root block comprises references to the first indirect block and the second indirect block,wherein the first indirect block comprises a first reference to the third indirect block,wherein a first checksum is generated using content of the third indirect block and is stored in the first indirect block,wherein the second indirect block comprises a second reference to the fourth indirect block,wherein a second checksum is generated using content of the fourth indirect block and is stored in the second indirect block,wherein the root block comprises the file system digital signature, andwherein the file system digital signature is generated by applying a checksum function to the first checksum and the second checksum;

determining whether the retrieved file system digital signature is equal to a stored file system digital signature;

obtaining the data block from the file system using the third indirect block, if the retrieved file system digital signature is equal to the stored file system digital signature; and

notifying a user, if the retrieved file system digital signature is not equal to the stored file system digital signature.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for storing a data block, including storing the data block in a storage pool, obtaining a data block location, calculating a secure data block checksum for the data block, and storing a first indirect block in the storage pool, wherein the first indirect block comprises the data block location and the secure data block checksum.

51 Citations

View as Search Results

5 Claims

1. A method for determining whether a file system has been tampered with, comprising:
- retrieving a file system digital signature for the file system,wherein the file system comprises a root block, a first indirect block, a second indirect block, a third indirect block, a fourth indirect block, and a data block,wherein the root block, the first indirect block, the second indirect block, the third indirect block, the fourth indirect block, and the data block are located on distinct metaslabs within a storage pool,wherein the root block comprises references to the first indirect block and the second indirect block,wherein the first indirect block comprises a first reference to the third indirect block,wherein a first checksum is generated using content of the third indirect block and is stored in the first indirect block,wherein the second indirect block comprises a second reference to the fourth indirect block,wherein a second checksum is generated using content of the fourth indirect block and is stored in the second indirect block,wherein the root block comprises the file system digital signature, andwherein the file system digital signature is generated by applying a checksum function to the first checksum and the second checksum;
  
  determining whether the retrieved file system digital signature is equal to a stored file system digital signature;
  
  obtaining the data block from the file system using the third indirect block, if the retrieved file system digital signature is equal to the stored file system digital signature; and
  
  notifying a user, if the retrieved file system digital signature is not equal to the stored file system digital signature.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the checksum is obtained when the file system is secure.
  - 3. The method of claim 1, wherein the checksum is obtained when the file system is not secure.
  - 4. The method of claim 1, wherein obtaining the data block comprises:
    - obtaining the third indirect block comprising a stored secure checksum and a data block location;
      
      obtaining the data block using the data block location;
      
      calculating a secure checksum for the data block to obtain a calculated secure checksum;
      
      retrieving the data from the data block, if the stored secure checksum equals the calculated secure checksum; and
      
      notifying the user that the data block has been tampered, if the stored secure checksum is not equal to the calculated secure checksum.

5. A computer system for determining whether a file system has been tampered with, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instructions stored in the memory for enabling the computer system under control of the processor, to;
  
  retrieve a file system digital signature for the file system,wherein the file system comprises a root block, a first indirect block, a second indirect block, a third indirect block, a fourth indirect block, and a data block,wherein the root block, the first indirect block, the second indirect block, the third indirect block, the fourth indirect block, and the data block are located on distinct metaslabs within a storage pool,wherein the root block comprises references to the first indirect block and the second indirect block,wherein the first indirect block comprises a first reference to a third indirect block,wherein a first checksum is generated using content of the third indirect block and is stored in the first indirect block,wherein the second indirect block comprises a second reference to a fourth indirect block,wherein a second checksum is generated using content of the fourth indirect block and is stored in the second indirect block,wherein the root block comprises the file system digital signature, andwherein the file system digital signature is generated by applying a checksum function to the first checksum and the second checksum;
  
  determine whether the retrieved file system digital signature is equal to a stored file system digital signature;
  
  obtain the data block from the file system using the third indirect block, if the retrieved file system digital signature is equal to the stored file system digital signature; and
  
  notify a user if the retrieved file system digital signature is not equal to the stored file system digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Ahrens, Matthew A., Bonwick, Jeffrey S.
Primary Examiner(s)
Wong; Don
Assistant Examiner(s)
Darno; Patrick A.

Application Number

US10/853,874
Time in Patent Office

1,539 Days
Field of Search

726/26, 713/176, 711/161, 380/251
US Class Current

1/1
CPC Class Codes

G06F 16/10   File systems; File servers

G06F 21/645   using a third party

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Method and apparatus for identifying tampering of data in a file system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for identifying tampering of data in a file system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links