EP0614553A4 - Rechnerspeicherschutz. - Google Patents
Rechnerspeicherschutz.Info
- Publication number
- EP0614553A4 EP0614553A4 EP19920923327 EP92923327A EP0614553A4 EP 0614553 A4 EP0614553 A4 EP 0614553A4 EP 19920923327 EP19920923327 EP 19920923327 EP 92923327 A EP92923327 A EP 92923327A EP 0614553 A4 EP0614553 A4 EP 0614553A4
- Authority
- EP
- European Patent Office
- Prior art keywords
- write
- controller
- address
- memory
- disabling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1441—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
Definitions
- the invention is directed to a method and apparatus for preventing the unauthorised writing of data to selected portions of a memory device, such as a hard disc of a computer.
- the invention is particularly useful for preventing "virus” programmes becoming resident in a computer memory device.
- viruses are unwanted programmes which are designed to interfere with the normal or intended operation of a computer. Although some viruses may only be mischievous in their operation, many viruses are written with malicious intent to cause serious damage, for example by destroying valuable data on a hard disc or otherwise rendering such data irretrievable. The damage caused by such computer viruses can be catastrophic.
- Any virus regardless of its effect, is a threat to the security of a computer system.
- Significant costs and downtime are incurred in searching for, and eradicating, virus programmes which may have found their way into a computer memory, and replacing lost data and programmes.
- viruses pose a serious threat to all computer systems, large or small.
- virus detection techniques have been proposed. Such techniques are normally software-based. Typically, an anti-virus programme attempts to detect the presence of a virus in a computer memory, such as a hard disc, by searching for a characteristic string of binary digits which identifies the virus. However, such software techniques are not effective for all known viruses. Further, some virus programmes are known to "mutate” and alter their characteristic string, thereby making such programmes virtually undetectable using conventional software techniques. Another known anti-virus programme seeks to foil the intended operation of the virus by trapping interrupt commands. However, this known programme is not always effective against some viruses, and completely ineffective against others.
- U.S. patent no. 5,144,660 (and its equivalent Australian patent application no. 40095/89) describes a method of securing a computer against undesired write operations to, or read operations from, a hard disc of the computer in order to protect the computer against viruses. This method involves interposing logic circuitry between the disc controller and the read/write head(s) of the disc drive, decoding control signals between the controller and the disc drive and, in response to such decoding, controlling the write or read operations from the disc drive.
- the prior art method and apparatus are not suitable for computer systems in which the disc controller and the read/write head(s) are formed as a single unit.
- the prior art protection apparatus cannot differentiate between signals sent by the CPU to the disc controller, e.g. between write commands and "low level" format commands.
- the write protection device was positioned between the controller and the disc, it was impossible to tell whether the controller was writing data or doing a low level format command as both give the same signals leaving the controller.
- the present invention provides apparatus for preventing the unwanted writing of data to selected portion(s) of a memory device of a computer having a CPU and a controller for the memory device, the apparatus comprising a write protection device having memory means containing the address(es) of selected portion(s) of the memory to which data is not intended to be written; decoding means for reading the address of any write command to the memory device; comparator means for comparing the write address with the address(es) of the selected portion(s) and disabling means responsive to the output of the comparator means for disabling the write command, characterised in that the write protection device is connected between the CPU and the controller.
- the decoding means also detects low level format commands and these are stopped in the same manner as write commands to protected sectors.
- the present invention provides a method of preventing unwanted writing of data to selected portion(s) of a memory device of a computer having a CPU and a controller for the memory device, comprising the steps of
- steps (d) disabling those write commands having an address corresponding to the preselected portion(s), characterised in that steps (b)-(d) are performed by a write protection device connected between the CPU and the controller.
- low level format commands are also detected and disabled.
- data is intended to include any information or program which may be stored in electronic or magnetic format in the memory device.
- the memory device is the hard disc of a computer, but may be any other sectored or addressable non-volatile memory device, such as a laser disc, floppy disc, RAM, etc.
- a particular advantage of the present invention is that individual portions of the memory device corresponding to specific addresses can be protected separately.
- the memory device is a hard disc, individual sectors in a particular cylinder can be protected.
- the logic circuitry detects any attempt to write a particular sector by decoding the write address and comparing it with stored addresses of sectors to be write protected. If an attempt is made to write to a "protected" sector, the write command will be disabled, i.e. the write command will be prevented from reaching the controller or otherwise rendered ineffective. However, if an attempt is made to write to a sector which is not protected, the write command will be permitted to be executed even though that sector may be in the same cylinder as a protected sector.
- a virus programme normally is transferred to the boot sector of a hard disc of the computer, typically when the computer is switched on with a floppy disc (having the virus programme) inserted in a disc drive of the machine.
- the boot sector, and all the sectors in the partition area are permanently write barred. That is, these, portions of the hard disc of the computer would normally always be selected to prevent the writing of any data or programme thereto. If other portions of the memory device are to be write barred, the addresses of these portions can be stored in a look-up table, e.g. in non-volatile memory. The address of any write command can then be compared also with the addresses in the look-up table to ascertain whether the write command will be carried out.
- the write protection device of this invention is inserted between the CPU and the controller, it has the advantage of being able to selectively prevent other commands, such as low level format commands from being executed.
- FIG. 1 is a circuit diagram illustrating the write protection circuit of an embodiment of this invention connected to a computer system
- Fig. 2 is a circuit diagram of part of the write protection circuit of Fig. 1 for fixed memory portions; and Fig. 3 is a circuit diagram of part of the write protection device of Fig. 1 for selectable memory portions.
- the write protection circuit of the illustrated embodiment monitors all commands sent to the controller for the memory or storage device, typically a hard disc. These commands will move the read/write head or other mechanism to a particular portion of the storage device, e.g. to a particular sector of the hard disc. In particular, the write protection device detects write and format commands.
- the write protection device tracks these sector commands and compares the write addresses with preselected addresses and/or addresses in a look-up table to determine whether a write command is permissible. If the write address corresponds to a preset sector or a sector listed in the look-up table, the write protection circuit disables the write command, e.g. by not permitting the command to reach the storage device. Low level format commands are also disabled. All read commands however, are unaffected. As illustrated in the drawings, particularly
- the write protection device 10 can be mounted on a card and interconnected between the CPU and the controller of the hard disc (or other storage device) of a computer. Plug-in and/or piggy-back connections connected to the input and output of the card allow quick and simple installation in the computer.
- the write protection device taps into the memory data bus to monitor the commands from the CPU to the controller for the hard disc. These commands may include read, write, format, recalibrate, verify, reset and identify commands. The recalibrate, write, format and reset commands are detected. A sector within the hard disc is selected by writing values to registers in the hard drive controller to select a particular read/write head, a track or cylinder, and the required sector on that cylinder.
- the commands on the data bus are tracked by an instruction decoder 11 which detects any write or low level format commands and provides the appropriate output.
- the commands are also fed to registers 12-15 which have been preset to detect preselected values. In the illustrated embodiment, these values correspond to all sectors in the partition area, and the boot sector, of the hard disc. (The partition area is cylinder 0, head 0 and all the sectors on that cylinder/head. The boot sector is cylinder 0, head 1, sector 1).
- AND gate 5 is inverted by inverter 9, and ANDed with the system write command by AND gate 6, the output (HDIOW) of which is fed to the device controller.
- the command address corresponds to one of the preset addresses in latches 12- 15, the write command will be prevented from reaching the device controller. If the output of AND gate 5 goes high, an alarm
- flip-flop 7 indicating that an attempt has been made to write to a protected area of the disc. Once the alarm 8 has been triggered the output ⁇ Q of flip- flop 7 is latched low and all write commands are stopped by AND gate 6 regardless of their drive or sector. This acts as a fail safe to prevent further damage once the protected sectors are threatened.
- Jumper switch J2 is connected to the input of
- the jumper switch J2 may suitably be key operated.
- the head/cylinder/sector addresses of such sectors can be stored in a look-up table in non-volatile memory, such as an EPROM, EEPROM, or static RAM with battery backup, connected to the OR gate 4 via jumper switch Jl.
- non-volatile memory such as an EPROM, EEPROM, or static RAM with battery backup
- jumper switch Jl As illustrated in Fig. 3, a one Mbyte EEPROM 160 is provided to store the locations of the sectors to be write protected. These sectors can be varied by reprogra ⁇ uning the EEPROM 160.
- Each command address is compared with the addresses of the preselected sectors using suitable comparator means, such as a programmable logic array.
- the output of the comparison is fed via Jl to the input of OR gate 4.
- the write protection device of the illustrated embodiment monitors the read/write commands in parallel with the hard disc controller and will normally allow all commands to reach the controller. However, when a write command is issued, and the read/write heads have been positioned to the restricted sectors, the write command will be prevented from reaching the controller, thereby preventing writing to the protected sectors. Low level format commands can also be blocked separately from write commands.
- a particular advantage of the write protection system is that as there is no overhead in time required to check the validity of the write command, there is no degradation in performance.
- the write protection device is based wholly on hardware, it can be adapted to any software operating system.
- the decoder 11 can also be modified to detect other selected commands to be disabled.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AUPK929791 | 1991-11-05 | ||
AU9297/91 | 1991-11-05 | ||
PCT/AU1992/000594 WO1993009495A1 (en) | 1991-11-05 | 1992-11-05 | Computer memory protection |
Publications (2)
Publication Number | Publication Date |
---|---|
EP0614553A1 EP0614553A1 (de) | 1994-09-14 |
EP0614553A4 true EP0614553A4 (de) | 1994-10-26 |
Family
ID=3775801
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19920923327 Withdrawn EP0614553A4 (de) | 1991-11-05 | 1992-11-05 | Rechnerspeicherschutz. |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP0614553A4 (de) |
JP (1) | JPH07500935A (de) |
CA (1) | CA2123001A1 (de) |
WO (1) | WO1993009495A1 (de) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5483649A (en) * | 1994-07-01 | 1996-01-09 | Ybm Technologies, Inc. | Personal computer security system |
GB9605338D0 (en) | 1996-03-13 | 1996-05-15 | Arendee Ltd | Improvements in or relating to computer systems |
EP1063589A1 (de) * | 1999-06-25 | 2000-12-27 | TELEFONAKTIEBOLAGET L M ERICSSON (publ) | Gerät zur Datenverarbeitung und entsprechendes Verfahren |
GB2367386A (en) * | 2000-05-11 | 2002-04-03 | Time Computers Ltd | Security system for a hard disk |
US6629184B1 (en) * | 2000-05-18 | 2003-09-30 | Igt | Method and apparatus for inhibiting a selected IDE command |
US6738879B2 (en) | 2000-05-22 | 2004-05-18 | Seagate Technology Llc | Advanced technology attachment compatible disc drive write protection scheme |
US6813682B2 (en) | 2000-09-29 | 2004-11-02 | Steven Bress | Write protection for computer long-term memory devices |
EP1412879B1 (de) | 2001-06-29 | 2012-05-30 | Secure Systems Limited | Sicherheitssystem und verfahren für computer |
US7165137B2 (en) | 2001-08-06 | 2007-01-16 | Sandisk Corporation | System and method for booting from a non-volatile application and file storage device |
DE10239975A1 (de) * | 2002-07-09 | 2004-01-22 | Pütter, Paul Stefan, Dr. | Festplattencontroller |
US7082525B2 (en) | 2002-10-02 | 2006-07-25 | Sandisk Corporation | Booting from non-linear memory |
US7072211B2 (en) * | 2004-05-19 | 2006-07-04 | L-3 Integrated Systems Company | Systems and methods for write protection of non-volatile memory devices |
DE102005043043A1 (de) * | 2005-09-09 | 2007-03-22 | Fujitsu Siemens Computers Gmbh | Computer mit mindestens einer Anschlussmöglichkeit für ein Wechselspeichermedium und Verfahren zum Starten und Betreiben eines Computers mit einem Wechselspeichermedium |
WO2007104092A1 (en) * | 2006-03-15 | 2007-09-20 | Stargames Corporation Pty Limited | A method and arrangement for providing write protection for a storage device |
EP1926037A1 (de) * | 2006-11-27 | 2008-05-28 | Research In Motion Limited | System und Verfahren zur Steuerung des Zugriffs auf eine Speichervorrichtung eines elektronischen Geräts |
US7730253B2 (en) | 2006-11-27 | 2010-06-01 | Research In Motion Limited | System and method for controlling access to a memory device of an electronic device |
US8090904B2 (en) | 2008-02-01 | 2012-01-03 | Cru Acquisition Group, Llc | Reduced hard-drive-capacity detection device |
CN101996671B (zh) * | 2010-11-25 | 2013-09-04 | 研祥智能科技股份有限公司 | 一种磁盘保护方法、装置及设备 |
CN112148201A (zh) * | 2019-06-26 | 2020-12-29 | 龙芯中科技术有限公司 | 数据写入方法、装置及存储介质 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2228350A (en) * | 1989-01-19 | 1990-08-22 | Strahlen Umweltforsch Gmbh | Memory protection against unauthorised access |
GB2230881A (en) * | 1989-04-28 | 1990-10-31 | Christopher William Cowsley | Data storage protection |
WO1991013403A1 (en) * | 1990-02-21 | 1991-09-05 | Rodime Plc | Method and apparatus for controlling access to and corruption of information in computer systems |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2222899B (en) * | 1988-08-31 | 1993-04-14 | Anthony Morris Rose | Securing a computer against undesired write operations or from a mass storage device |
-
1992
- 1992-11-05 WO PCT/AU1992/000594 patent/WO1993009495A1/en not_active Application Discontinuation
- 1992-11-05 EP EP19920923327 patent/EP0614553A4/de not_active Withdrawn
- 1992-11-05 CA CA 2123001 patent/CA2123001A1/en not_active Abandoned
- 1992-11-05 JP JP5508045A patent/JPH07500935A/ja active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2228350A (en) * | 1989-01-19 | 1990-08-22 | Strahlen Umweltforsch Gmbh | Memory protection against unauthorised access |
GB2230881A (en) * | 1989-04-28 | 1990-10-31 | Christopher William Cowsley | Data storage protection |
WO1991013403A1 (en) * | 1990-02-21 | 1991-09-05 | Rodime Plc | Method and apparatus for controlling access to and corruption of information in computer systems |
Non-Patent Citations (1)
Title |
---|
See also references of WO9309495A1 * |
Also Published As
Publication number | Publication date |
---|---|
CA2123001A1 (en) | 1993-05-13 |
WO1993009495A1 (en) | 1993-05-13 |
EP0614553A1 (de) | 1994-09-14 |
JPH07500935A (ja) | 1995-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0614553A4 (de) | Rechnerspeicherschutz. | |
US5144660A (en) | Securing a computer against undesired write operations to or read operations from a mass storage device | |
CN107066311B (zh) | 一种内核数据访问控制方法与系统 | |
US7665123B1 (en) | Method and apparatus for detecting hidden rootkits | |
EP0815510B1 (de) | Verfahren zum schutz von ausführbaren softwareprogrammen gegen infektion durch softwareviren | |
US5396609A (en) | Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions | |
US5657473A (en) | Method and apparatus for controlling access to and corruption of information in computer systems | |
US7636872B2 (en) | Threat event-driven backup | |
US20040003321A1 (en) | Initialization of protected system | |
US6016536A (en) | Method for backing up the system files in a hard disk drive | |
WO2011076464A1 (en) | Method and system for protecting an operating system against unauthorized modification | |
EP3682332B1 (de) | Verfahren und vorrichtung zum löschen oder schreiben von flash-daten | |
JPS58139400A (ja) | デ−タの取出防止制御機構 | |
EP0436365B1 (de) | Verfahren und System zur Sicherung von Datenendgeräten | |
CN109214204B (zh) | 数据处理方法和存储设备 | |
US6920566B2 (en) | Secure system firmware by disabling read access to firmware ROM | |
EP0560277A1 (de) | Verfahren und Gerät zur Lese- und Schreibkontrolle der Festplatte eines Mikrorechners | |
GB2231418A (en) | Computer viruses | |
CN1053507C (zh) | 计算机硬盘读写控制装置 | |
AU2923392A (en) | Computer memory protection | |
WO2022105610A1 (zh) | 一种数据保护的方法、装置、存储介质和计算机设备 | |
WO1993002419A1 (en) | Protection system for computers | |
US20030131112A1 (en) | Computer firewall system | |
EP2883185B1 (de) | Vorrichtung und verfahren zur sicherung gespeicherter daten | |
JPS63317975A (ja) | 磁気ディスク装置のライトプロテクト機構 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 19940603 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): DE FR GB NL |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 19940912 |
|
AK | Designated contracting states |
Kind code of ref document: A4 Designated state(s): DE FR GB NL |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 19950601 |