EP0614553A4 - Rechnerspeicherschutz. - Google Patents

Rechnerspeicherschutz.

Info

Publication number
EP0614553A4
EP0614553A4 EP19920923327 EP92923327A EP0614553A4 EP 0614553 A4 EP0614553 A4 EP 0614553A4 EP 19920923327 EP19920923327 EP 19920923327 EP 92923327 A EP92923327 A EP 92923327A EP 0614553 A4 EP0614553 A4 EP 0614553A4
Authority
EP
European Patent Office
Prior art keywords
write
controller
address
memory
disabling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP19920923327
Other languages
English (en)
French (fr)
Other versions
EP0614553A1 (de
Inventor
Thomas Joseph Rogers
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AUSTRALIAN TECH SUPPORT PTY Ltd
AUSTRALIAN TECH SUPPORT Pty
Original Assignee
AUSTRALIAN TECH SUPPORT PTY Ltd
AUSTRALIAN TECH SUPPORT Pty
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AUSTRALIAN TECH SUPPORT PTY Ltd, AUSTRALIAN TECH SUPPORT Pty filed Critical AUSTRALIAN TECH SUPPORT PTY Ltd
Publication of EP0614553A1 publication Critical patent/EP0614553A1/de
Publication of EP0614553A4 publication Critical patent/EP0614553A4/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range

Definitions

  • the invention is directed to a method and apparatus for preventing the unauthorised writing of data to selected portions of a memory device, such as a hard disc of a computer.
  • the invention is particularly useful for preventing "virus” programmes becoming resident in a computer memory device.
  • viruses are unwanted programmes which are designed to interfere with the normal or intended operation of a computer. Although some viruses may only be mischievous in their operation, many viruses are written with malicious intent to cause serious damage, for example by destroying valuable data on a hard disc or otherwise rendering such data irretrievable. The damage caused by such computer viruses can be catastrophic.
  • Any virus regardless of its effect, is a threat to the security of a computer system.
  • Significant costs and downtime are incurred in searching for, and eradicating, virus programmes which may have found their way into a computer memory, and replacing lost data and programmes.
  • viruses pose a serious threat to all computer systems, large or small.
  • virus detection techniques have been proposed. Such techniques are normally software-based. Typically, an anti-virus programme attempts to detect the presence of a virus in a computer memory, such as a hard disc, by searching for a characteristic string of binary digits which identifies the virus. However, such software techniques are not effective for all known viruses. Further, some virus programmes are known to "mutate” and alter their characteristic string, thereby making such programmes virtually undetectable using conventional software techniques. Another known anti-virus programme seeks to foil the intended operation of the virus by trapping interrupt commands. However, this known programme is not always effective against some viruses, and completely ineffective against others.
  • U.S. patent no. 5,144,660 (and its equivalent Australian patent application no. 40095/89) describes a method of securing a computer against undesired write operations to, or read operations from, a hard disc of the computer in order to protect the computer against viruses. This method involves interposing logic circuitry between the disc controller and the read/write head(s) of the disc drive, decoding control signals between the controller and the disc drive and, in response to such decoding, controlling the write or read operations from the disc drive.
  • the prior art method and apparatus are not suitable for computer systems in which the disc controller and the read/write head(s) are formed as a single unit.
  • the prior art protection apparatus cannot differentiate between signals sent by the CPU to the disc controller, e.g. between write commands and "low level" format commands.
  • the write protection device was positioned between the controller and the disc, it was impossible to tell whether the controller was writing data or doing a low level format command as both give the same signals leaving the controller.
  • the present invention provides apparatus for preventing the unwanted writing of data to selected portion(s) of a memory device of a computer having a CPU and a controller for the memory device, the apparatus comprising a write protection device having memory means containing the address(es) of selected portion(s) of the memory to which data is not intended to be written; decoding means for reading the address of any write command to the memory device; comparator means for comparing the write address with the address(es) of the selected portion(s) and disabling means responsive to the output of the comparator means for disabling the write command, characterised in that the write protection device is connected between the CPU and the controller.
  • the decoding means also detects low level format commands and these are stopped in the same manner as write commands to protected sectors.
  • the present invention provides a method of preventing unwanted writing of data to selected portion(s) of a memory device of a computer having a CPU and a controller for the memory device, comprising the steps of
  • steps (d) disabling those write commands having an address corresponding to the preselected portion(s), characterised in that steps (b)-(d) are performed by a write protection device connected between the CPU and the controller.
  • low level format commands are also detected and disabled.
  • data is intended to include any information or program which may be stored in electronic or magnetic format in the memory device.
  • the memory device is the hard disc of a computer, but may be any other sectored or addressable non-volatile memory device, such as a laser disc, floppy disc, RAM, etc.
  • a particular advantage of the present invention is that individual portions of the memory device corresponding to specific addresses can be protected separately.
  • the memory device is a hard disc, individual sectors in a particular cylinder can be protected.
  • the logic circuitry detects any attempt to write a particular sector by decoding the write address and comparing it with stored addresses of sectors to be write protected. If an attempt is made to write to a "protected" sector, the write command will be disabled, i.e. the write command will be prevented from reaching the controller or otherwise rendered ineffective. However, if an attempt is made to write to a sector which is not protected, the write command will be permitted to be executed even though that sector may be in the same cylinder as a protected sector.
  • a virus programme normally is transferred to the boot sector of a hard disc of the computer, typically when the computer is switched on with a floppy disc (having the virus programme) inserted in a disc drive of the machine.
  • the boot sector, and all the sectors in the partition area are permanently write barred. That is, these, portions of the hard disc of the computer would normally always be selected to prevent the writing of any data or programme thereto. If other portions of the memory device are to be write barred, the addresses of these portions can be stored in a look-up table, e.g. in non-volatile memory. The address of any write command can then be compared also with the addresses in the look-up table to ascertain whether the write command will be carried out.
  • the write protection device of this invention is inserted between the CPU and the controller, it has the advantage of being able to selectively prevent other commands, such as low level format commands from being executed.
  • FIG. 1 is a circuit diagram illustrating the write protection circuit of an embodiment of this invention connected to a computer system
  • Fig. 2 is a circuit diagram of part of the write protection circuit of Fig. 1 for fixed memory portions; and Fig. 3 is a circuit diagram of part of the write protection device of Fig. 1 for selectable memory portions.
  • the write protection circuit of the illustrated embodiment monitors all commands sent to the controller for the memory or storage device, typically a hard disc. These commands will move the read/write head or other mechanism to a particular portion of the storage device, e.g. to a particular sector of the hard disc. In particular, the write protection device detects write and format commands.
  • the write protection device tracks these sector commands and compares the write addresses with preselected addresses and/or addresses in a look-up table to determine whether a write command is permissible. If the write address corresponds to a preset sector or a sector listed in the look-up table, the write protection circuit disables the write command, e.g. by not permitting the command to reach the storage device. Low level format commands are also disabled. All read commands however, are unaffected. As illustrated in the drawings, particularly
  • the write protection device 10 can be mounted on a card and interconnected between the CPU and the controller of the hard disc (or other storage device) of a computer. Plug-in and/or piggy-back connections connected to the input and output of the card allow quick and simple installation in the computer.
  • the write protection device taps into the memory data bus to monitor the commands from the CPU to the controller for the hard disc. These commands may include read, write, format, recalibrate, verify, reset and identify commands. The recalibrate, write, format and reset commands are detected. A sector within the hard disc is selected by writing values to registers in the hard drive controller to select a particular read/write head, a track or cylinder, and the required sector on that cylinder.
  • the commands on the data bus are tracked by an instruction decoder 11 which detects any write or low level format commands and provides the appropriate output.
  • the commands are also fed to registers 12-15 which have been preset to detect preselected values. In the illustrated embodiment, these values correspond to all sectors in the partition area, and the boot sector, of the hard disc. (The partition area is cylinder 0, head 0 and all the sectors on that cylinder/head. The boot sector is cylinder 0, head 1, sector 1).
  • AND gate 5 is inverted by inverter 9, and ANDed with the system write command by AND gate 6, the output (HDIOW) of which is fed to the device controller.
  • the command address corresponds to one of the preset addresses in latches 12- 15, the write command will be prevented from reaching the device controller. If the output of AND gate 5 goes high, an alarm
  • flip-flop 7 indicating that an attempt has been made to write to a protected area of the disc. Once the alarm 8 has been triggered the output ⁇ Q of flip- flop 7 is latched low and all write commands are stopped by AND gate 6 regardless of their drive or sector. This acts as a fail safe to prevent further damage once the protected sectors are threatened.
  • Jumper switch J2 is connected to the input of
  • the jumper switch J2 may suitably be key operated.
  • the head/cylinder/sector addresses of such sectors can be stored in a look-up table in non-volatile memory, such as an EPROM, EEPROM, or static RAM with battery backup, connected to the OR gate 4 via jumper switch Jl.
  • non-volatile memory such as an EPROM, EEPROM, or static RAM with battery backup
  • jumper switch Jl As illustrated in Fig. 3, a one Mbyte EEPROM 160 is provided to store the locations of the sectors to be write protected. These sectors can be varied by reprogra ⁇ uning the EEPROM 160.
  • Each command address is compared with the addresses of the preselected sectors using suitable comparator means, such as a programmable logic array.
  • the output of the comparison is fed via Jl to the input of OR gate 4.
  • the write protection device of the illustrated embodiment monitors the read/write commands in parallel with the hard disc controller and will normally allow all commands to reach the controller. However, when a write command is issued, and the read/write heads have been positioned to the restricted sectors, the write command will be prevented from reaching the controller, thereby preventing writing to the protected sectors. Low level format commands can also be blocked separately from write commands.
  • a particular advantage of the write protection system is that as there is no overhead in time required to check the validity of the write command, there is no degradation in performance.
  • the write protection device is based wholly on hardware, it can be adapted to any software operating system.
  • the decoder 11 can also be modified to detect other selected commands to be disabled.
EP19920923327 1991-11-05 1992-11-05 Rechnerspeicherschutz. Withdrawn EP0614553A4 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AUPK929791 1991-11-05
AU9297/91 1991-11-05
PCT/AU1992/000594 WO1993009495A1 (en) 1991-11-05 1992-11-05 Computer memory protection

Publications (2)

Publication Number Publication Date
EP0614553A1 EP0614553A1 (de) 1994-09-14
EP0614553A4 true EP0614553A4 (de) 1994-10-26

Family

ID=3775801

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19920923327 Withdrawn EP0614553A4 (de) 1991-11-05 1992-11-05 Rechnerspeicherschutz.

Country Status (4)

Country Link
EP (1) EP0614553A4 (de)
JP (1) JPH07500935A (de)
CA (1) CA2123001A1 (de)
WO (1) WO1993009495A1 (de)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5483649A (en) * 1994-07-01 1996-01-09 Ybm Technologies, Inc. Personal computer security system
GB9605338D0 (en) 1996-03-13 1996-05-15 Arendee Ltd Improvements in or relating to computer systems
EP1063589A1 (de) * 1999-06-25 2000-12-27 TELEFONAKTIEBOLAGET L M ERICSSON (publ) Gerät zur Datenverarbeitung und entsprechendes Verfahren
GB2367386A (en) * 2000-05-11 2002-04-03 Time Computers Ltd Security system for a hard disk
US6629184B1 (en) * 2000-05-18 2003-09-30 Igt Method and apparatus for inhibiting a selected IDE command
US6738879B2 (en) 2000-05-22 2004-05-18 Seagate Technology Llc Advanced technology attachment compatible disc drive write protection scheme
US6813682B2 (en) 2000-09-29 2004-11-02 Steven Bress Write protection for computer long-term memory devices
EP1412879B1 (de) 2001-06-29 2012-05-30 Secure Systems Limited Sicherheitssystem und verfahren für computer
US7165137B2 (en) 2001-08-06 2007-01-16 Sandisk Corporation System and method for booting from a non-volatile application and file storage device
DE10239975A1 (de) * 2002-07-09 2004-01-22 Pütter, Paul Stefan, Dr. Festplattencontroller
US7082525B2 (en) 2002-10-02 2006-07-25 Sandisk Corporation Booting from non-linear memory
US7072211B2 (en) * 2004-05-19 2006-07-04 L-3 Integrated Systems Company Systems and methods for write protection of non-volatile memory devices
DE102005043043A1 (de) * 2005-09-09 2007-03-22 Fujitsu Siemens Computers Gmbh Computer mit mindestens einer Anschlussmöglichkeit für ein Wechselspeichermedium und Verfahren zum Starten und Betreiben eines Computers mit einem Wechselspeichermedium
WO2007104092A1 (en) * 2006-03-15 2007-09-20 Stargames Corporation Pty Limited A method and arrangement for providing write protection for a storage device
EP1926037A1 (de) * 2006-11-27 2008-05-28 Research In Motion Limited System und Verfahren zur Steuerung des Zugriffs auf eine Speichervorrichtung eines elektronischen Geräts
US7730253B2 (en) 2006-11-27 2010-06-01 Research In Motion Limited System and method for controlling access to a memory device of an electronic device
US8090904B2 (en) 2008-02-01 2012-01-03 Cru Acquisition Group, Llc Reduced hard-drive-capacity detection device
CN101996671B (zh) * 2010-11-25 2013-09-04 研祥智能科技股份有限公司 一种磁盘保护方法、装置及设备
CN112148201A (zh) * 2019-06-26 2020-12-29 龙芯中科技术有限公司 数据写入方法、装置及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2228350A (en) * 1989-01-19 1990-08-22 Strahlen Umweltforsch Gmbh Memory protection against unauthorised access
GB2230881A (en) * 1989-04-28 1990-10-31 Christopher William Cowsley Data storage protection
WO1991013403A1 (en) * 1990-02-21 1991-09-05 Rodime Plc Method and apparatus for controlling access to and corruption of information in computer systems

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2222899B (en) * 1988-08-31 1993-04-14 Anthony Morris Rose Securing a computer against undesired write operations or from a mass storage device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2228350A (en) * 1989-01-19 1990-08-22 Strahlen Umweltforsch Gmbh Memory protection against unauthorised access
GB2230881A (en) * 1989-04-28 1990-10-31 Christopher William Cowsley Data storage protection
WO1991013403A1 (en) * 1990-02-21 1991-09-05 Rodime Plc Method and apparatus for controlling access to and corruption of information in computer systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO9309495A1 *

Also Published As

Publication number Publication date
CA2123001A1 (en) 1993-05-13
WO1993009495A1 (en) 1993-05-13
EP0614553A1 (de) 1994-09-14
JPH07500935A (ja) 1995-01-26

Similar Documents

Publication Publication Date Title
EP0614553A4 (de) Rechnerspeicherschutz.
US5144660A (en) Securing a computer against undesired write operations to or read operations from a mass storage device
CN107066311B (zh) 一种内核数据访问控制方法与系统
US7665123B1 (en) Method and apparatus for detecting hidden rootkits
EP0815510B1 (de) Verfahren zum schutz von ausführbaren softwareprogrammen gegen infektion durch softwareviren
US5396609A (en) Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions
US5657473A (en) Method and apparatus for controlling access to and corruption of information in computer systems
US7636872B2 (en) Threat event-driven backup
US20040003321A1 (en) Initialization of protected system
US6016536A (en) Method for backing up the system files in a hard disk drive
WO2011076464A1 (en) Method and system for protecting an operating system against unauthorized modification
EP3682332B1 (de) Verfahren und vorrichtung zum löschen oder schreiben von flash-daten
JPS58139400A (ja) デ−タの取出防止制御機構
EP0436365B1 (de) Verfahren und System zur Sicherung von Datenendgeräten
CN109214204B (zh) 数据处理方法和存储设备
US6920566B2 (en) Secure system firmware by disabling read access to firmware ROM
EP0560277A1 (de) Verfahren und Gerät zur Lese- und Schreibkontrolle der Festplatte eines Mikrorechners
GB2231418A (en) Computer viruses
CN1053507C (zh) 计算机硬盘读写控制装置
AU2923392A (en) Computer memory protection
WO2022105610A1 (zh) 一种数据保护的方法、装置、存储介质和计算机设备
WO1993002419A1 (en) Protection system for computers
US20030131112A1 (en) Computer firewall system
EP2883185B1 (de) Vorrichtung und verfahren zur sicherung gespeicherter daten
JPS63317975A (ja) 磁気ディスク装置のライトプロテクト機構

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19940603

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR GB NL

A4 Supplementary search report drawn up and despatched

Effective date: 19940912

AK Designated contracting states

Kind code of ref document: A4

Designated state(s): DE FR GB NL

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 19950601