Customized data generating data storage system filter for data security
Abstract
A data storage system filter operates through a filter framework in a file system to detect and provide customized responses to unauthorized access attempts. A security event definition determines when file system access events are classified as unauthorized access attempts. A trap manager manages the security events, and causes traps to be installed to capture file system responses. The trapped responses can be replaced with customized data, such as static artificial data, or artificial data generated based on a context of the request and/or response. The security filter can be loaded or unloaded in the filter framework and operates on a callback mechanism to avoid significant disruption of I/O activity.
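The flow the abstract describes, sketched as an added example (not code from the patent or any product): a loadable filter with request and response callbacks, a security event definition, a trap installed per request, and context-based artificial data substituted for the real response. All names, paths, and the policy (`PROTECTED_PREFIX`, `AUTHORIZED_USERS`) are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Request:
    req_id: int
    user: str
    op: str
    path: str

# Security event definition (constructed policy): which access events are unauthorized.
PROTECTED_PREFIX = "/vol/payroll/"
AUTHORIZED_USERS = {"hr_svc"}

def is_security_event(req):
    return req.path.startswith(PROTECTED_PREFIX) and req.user not in AUTHORIZED_USERS

def artificial_data(req, size):
    """Context-based decoy: deterministic per (user, path), same length as the real data."""
    seed = hashlib.sha256(f"{req.user}:{req.path}".encode()).hexdigest()
    return (seed * (size // len(seed) + 1))[:size].encode()

@dataclass
class SecurityFilter:
    traps: set = field(default_factory=set)    # request ids with a trap installed
    events: list = field(default_factory=list)  # audit trail of detected attempts

    def on_request(self, req):                  # pre-operation callback
        if is_security_event(req):
            self.traps.add(req.req_id)          # trap manager installs a trap
            self.events.append((req.user, req.op, req.path))

    def on_response(self, req, data):           # post-operation callback
        if req.req_id in self.traps:            # trapped: real data never leaves
            self.traps.discard(req.req_id)
            return artificial_data(req, len(data))
        return data

class FilterFramework:
    def __init__(self, storage):
        self.storage, self.filters = storage, []
    def load(self, f): self.filters.append(f)
    def unload(self, f): self.filters.remove(f)
    def read(self, req):
        for f in self.filters:
            f.on_request(req)
        data = self.storage[req.path]           # the storage device's real response
        for f in reversed(self.filters):
            data = f.on_response(req, data)
        return data
```

Untrapped requests pass through both callbacks unchanged, and unloading the filter removes the substitution entirely, which is why the security event definition and the load state of the filter both belong in monitoring.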
43 Claims
1. A security filter for a data storage system having a storage device being accessible to a client interface to provide a response to the client interface in accordance with a request for data received from the client interface, the security filter comprising:
- an intrusion detector coupled to the client interface and being operable to determine that the request from the client interface is an intruder request or that the response from the storage device is an intruder response, wherein the intruder request or intruder response result from an unauthorized attempt to access information related to a content of the storage device; and
- a response generator coupled to the storage device and the client interface and being operable to;
  - intercept the intruder response from the storage device and prevent the intruder response from reaching the client interface;
  - generate a substitute response containing artificial information corresponding to the detected intruder request or intruder response; and
  - provide the substitute response containing artificial information to the client interface instead of providing the requested data to the client interface.

Dependent claims: 2–20.

21. A security filter for a data storage system having a storage device being accessible to a client interface to provide a response to the client interface in accordance with a request for data received from the client interface, the security filter comprising:
- an intrusion detection means coupled to the client interface for determining that the request from the client interface is an intruder request or that the response from the storage device is an intruder response, wherein the intruder request or intruder response result from an unauthorized attempt to access information related to a content of the storage device; and
- a response generation means coupled to the storage device and the client interface for;
  - intercepting the intruder response from the storage device and preventing the intruder response from reaching the client interface;
  - generating a substitute response containing artificial information corresponding to the detected intruder request or intruder response; and
  - providing the substitute response containing artificial information to the client interface instead of without providing the requested data to the client interface.

22. A security filter for a data storage system having a storage device and being accessible to a client interface, the security filter comprising:
- a security event definition for identifying unauthorized attempts made through the client interface to access information related to the storage device;
- a trap mechanism operable to install a trap that can block access to the information related to be identified unauthorized attempts to access the storage device;
- a trap manager responsive to the unauthorized attempts identified by the security event definition to control the trap mechanism to cause the trap to be installed; and
- a data generator operable to form an information substitute to be provided to the client interface when the trap blocks access to the information related to the identified unauthorized attempts to access the storage device, wherein the information substitute is artificial information corresponding to a content of the unauthorized attempts to access the storage device, and wherein the information substitute is provided to the client interface instead of the information related to the identified unauthorized attempts to access the storage device.

Dependent claims: 23–25.

26. A security filter for a data storage system having a storage device and being accessible to a client interface, the security filter comprising:
- a trap manager responsive to information stemming from an intruder request from the client interface or an intruder response from the storage device to determine a security filter action;
- a trap mechanism operable to block data related to the intruder request or the intruder response based on the security filter action, under control of the trap manager; and
- a response mechanism for forming a response provided to the client interface, the response including substitute data, wherein the substitute data is artificial information corresponding to a content of the intruder request or the intruder response, wherein the substitute data is provided instead of the data related to the intruder request or the intruder response.

Dependent claims: 27.

28. A method for securing a data storage system having a storage device being accessible to a client interface to provide a response to the client interface in accordance with a request for data received from the client interface, the method comprising:
- determining when the request from the client interface is an intruder request or that the response from the storage device is an intruder response, wherein the intruder request or intruder response result from an unauthorized attempt to access information related to a content of the storage device;
- intercepting the intruder response from the storage device and preventing the intruder response from reaching the client interface;
- generating a substitute response containing artificial information corresponding to the detected intruder request or intruder response; and
- providing the substitute response containing the artificial information to the client interface instead of providing the requested data to the client interface.

Dependent claims: 29–41.

42. A method for providing security in a data storage system having an input/output (I/O) interface and a storage media, comprising:
- receiving an incoming request from the I/O interface and providing an outgoing request to the storage media, the incoming request including protocol information;
- receiving an incoming response from the storage media and providing an outgoing response to the I/O interface, the outgoing response including the protocol information; and
- filtering information in the data storage system to modify information related to the outgoing request or the outgoing response and provide the modified information instead of providing the requested information, wherein the incoming request or the incoming response relates to an unauthorized attempt to access information in the data storage system, and wherein the modified information includes artificial information corresponding to the unauthorized attempt to access information in the data storage system.

43. A computer-program product comprising:
- a computer-readable medium having computer program code embodied thereon for securing a data storage system having a storage device being accessible to a client interface to provide a response to the client interface in accordance with a request received from the client interface, the computer program code adapted to;
  - determine when the request from the client interface is an intruder request or when the response from the storage device is an intruder response, wherein the intruder request or intruder response result from an unauthorized attempt to access information related to a content of the storage device;
  - intercept the intruder response from the storage device and prevent the intruder response from reaching the client interface;
  - generate a substitute response containing artificial information corresponding to the detected intruder request or intruder response; and
  - provide the substitute response containing the artificial information to the client interface instead of providing the requested information to the client interface.

Specification