GB2402515A - Controlling write access of an application to a storage medium - Google Patents

Controlling write access of an application to a storage medium Download PDF

Info

Publication number
GB2402515A
GB2402515A GB0410766A GB0410766A GB2402515A GB 2402515 A GB2402515 A GB 2402515A GB 0410766 A GB0410766 A GB 0410766A GB 0410766 A GB0410766 A GB 0410766A GB 2402515 A GB2402515 A GB 2402515A
Authority
GB
United Kingdom
Prior art keywords
write access
application
write
response
storage medium
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0410766A
Other versions
GB2402515B (en
GB2402515A8 (en
GB0410766D0 (en
Inventor
Catherine Safa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of GB0410766D0 publication Critical patent/GB0410766D0/en
Publication of GB2402515A publication Critical patent/GB2402515A/en
Publication of GB2402515A8 publication Critical patent/GB2402515A8/en
Application granted granted Critical
Publication of GB2402515B publication Critical patent/GB2402515B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

Write access to a storage medium is controlled by monitoring an application, detecting an attempt by the application to write data to the storage medium, interrogating a rules database in response to the detection to determine the write access allowed for the application, and controlling write access to the storage medium by the application in dependence on the interrogation. The write access may have one of three levels: i) no write access allowed, ii) full write access allowed and iii) write access allowed to a specified file extension. If write access is not allowed, a prompt may be displayed requesting a response from a user. The user can respond to the prompt by choosing to allow or block the write access, or allowing write access to a specific file type. The user may choose to update the rules database with the chosen response.

Description

24025 1 5 Controlling Write Access of an Application to a Storage Medium
The present invention relates to a method of controlling the writing of datato a storage medium such as a hard drive in a computer system by an application running in a memory of the computer system.
The use of computers for Internet and other communication purposes, particularlyin relation to electronic mail and the downloading of applications over the Internet has led to the proliferation of so-called computer viruses. Whilst anti-virus programs have been developed to combat these, they can be relatively elaborate and expensive and usually operate to deal with an offending virus only after the operating system ofthe computer has been infected. There are so manyvariants of virus programs being released that anti-virus programs cannot identify new viruses quickly enough.
The present invention seeks to provides an improved method of preventing the infection of a computer by a virus program.
According to the present invention there is provided a method of controlling write access to a storage medium by monitoring an application; detecting an attempt bythe application to write data 1 5 to said storage medium; interrogating a rules database in response to said detection; and controlling write access to the storage medium by the application in dependence on said interrogation.
Preferably the interrogation comprises determining the write access allowed for the application and controlling the write access in dependence thereon.
Prcferablywrite access is controlled to one of apluralityoflevels, the levels including a first level in which no write access is allowed, a second level in which full write access is allowed, and a third level in which write access is only allowed for at least one specified file extension.
Preferably where write access is controlled to the first level, the method further includes generating a prompt on a display requesting response from a user.
Preferablythe user can respond to the prompt bychoosing from of anumberofpossibleresponses, the possible responses including a first response for allowing write access, a second response for blocking write access and a third response for allowing write access to a specific file type only.
Preferably the user can respond further by selecting from a plurality of further actions, the further actions including, storing the chosen response in the rules database; and applying the chosen response only for the current attempt by the application to write data to said storage medium.
The present invention is further described hereinafter, by way of example, with reference to the accompanying drawings, in which: Figure I is a process diagram showing the control of a write instruction of an application in accordance with a preferred method of the present invention; Figure 2 is a process diagram illustrating an action ofthe preferred method according to the present invention; and l 5 Figure 3 is a flow diagram of the preferred method.
Referring firstly to Figure 1, this shows an application 12 whichis running in a memory 14 of a computer system. The computer system also has a storage medium 16 which here is in the form of a hard drive or disc.
When the computer is first booted up it automatically loads an application 18 which is here termed as an "interceptor" program. This runs constantly in the background. As an alternative to being loaded on boot up ofthe computer, it can, of course, tee run et the user's prompt at anytime whilst the computer is operating.
When the application 12 attempts to write data to the disc 16 the interceptor program 18 detects this and interrogates a rules database 20 to determine the authority ofthe application 12 to write to the hard drive 16. The database 20 is preferably encrypted and lists applications approved by the user with their level of write access. The term data is used here in its general sense to include any form of data including programs. The preferred number of possible write access levels for an application is three, being as follows: Level O - this means that no write access to the hard drive 16 is allowed for the application 12.
Level 1 - this means that full write access is allowed.
Level 2 - the application is allowed write access to the hard drive 16 for specified file extensions l O only, for example ".doc" file extensions. The file extensions of data that can be written to the hard drive are also held in the database 20.
There are a number of rules which can be applied to the database 20 and these are controlled by a manager program 22 which can sit in the memory 14 alongside the interceptorprogram 18 and can also be run on start up of the computer or at any preferred time during operation of the interceptor program 18.
Figure 2 illustrates the interface ofthe manager program 22 with the rules database 20 and the system user.
When the interceptor program l 8 detects that the application 12 is attempting to write to the hard drive 16 it initiates the loading and execution ofthe manager program 22. The latter interrogates the rules database 20 to determine the access level of the application 12 and controls the interceptor program 18 to al low or prevent the write action in dependence on the relevant rule in the rules database 20. If the application 12 is not listed in the rules database 20 or the particular write instruction is not allowed, the manager program 22 can generate a prompt signal to be displayed on the computer screen, requiring the user to make a decision on whether or not to allow the write instruction. This prompt can have a number ofresponses fortheusertochoose, such es "Allow write access", "Block write access" and "Allow write access to this file type only'. Having chosen the response the user can also select one of a number of further actions as follows.
l Store the response in the rules database - The response is stored in the rules database as a further rule to be applied to that application on all future write actions.
2 Block once the write action - This prevents the requested write action for this occasion only and further write attempts by the application again result in a user prompt.
3 Allow once the write action - This allows the requested write action but any future write requests for the application again result in a user prompt.
Thus, for example, if the application 12 is attempting to write a file to the hard drive 16 with a particular file extension, the rules database 20 can be updated such that all future attempts by the application 12 to write files ofthat same extension to the hard drive 16 would be automatically allowed or prevented or result in farther user prompts.
The manager program 22 can also be loaded and executed by the user at start up of the computer or at any time in order to scan the hard drive 16 for programs to build a full rules database 20. The managerprogram 22 can also be prompted by the user to displaya list of programs within the rules database 20 with the access level of each program, giving the user the option to delete, add or modify each entry.
In figure 3 a flow diagram 30 is shown which illustrates the method followed on initiation 32 ofthe interceptorprogram 18. Once initialed the interceptor program 18 waits in amonitoring step 34 during which it monitors for any file write operation to the hard drive 16. In the absence of a file write operation, the interceptor program 18 remains in the monitoring step 34 and continues to check for a file write operation.
If a file write operation is detected then the interceptor program 18 proceeds to complete a series of rule checking steps 36. Initiallythe interceptor 18 checks if the application 12 making the write attempt is listed in the rules database 20. If the application 12 is not listed then the interceptor program 18 initiates the manager program 22 to allow the user to make a decision about the correct way in which to proceed. Otherwise, if the application 12 is listed then the interceptorprogram 18 proceeds to the next rule checking step.
On finding the application 12 listed in the rules database 20, the interceptor program 18 goes on to check if the write privileges ofthe application 12. itiallythe hard drive write privilege ofthe application 12 is checked. If the application 12 does not have privilege to write to the hard drive then write access is blocked. Otherwise, the interceptorprogram 18 checks if the application 12 has write privilege for the specific file type, which the write attempt has been made to. If the application 12 does have privilege to write to the specific file type then the write operation is allowed. Otherwise write access is blocked.

Claims (6)

  1. Claims I. A method of controlling write access to a storage medium by:
    monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and controlling write access to the storage medium by the application in dependence on said interrogation.
  2. 2. A method as claimed in claim 1 in which the interrogation comprises determining the write access allowed for the application and controlling the write access in dependence thereon.
    1 0
  3. 3. A method as claimed in claim 2 in which write access is controlled to one of a plurality of levels, the levels including a first level in which no write access is allowed, a second level in which full write access is allowed, and a third level in which write access is only allowed for at least one specified file extension.
  4. 4. A method as claimed in claim 3 in which where write access is controlled to the first level, the method further includes generating aprompt on adisplayrequesting response from a user.
  5. 5. A method as claimed in claim 4 in which the user can respond to the prompt by choosing from of a number of possible responses, the possible responses including a first response for al lowing write access, a second response for blocking write access and a third response for allowing write access to a specific file type only.
  6. 6. A method as claimed in claim 5 in which the user can respond further by selecting from a plurality of further actions, the further actions including, storing the chosen response in the rules database; and applying the chosen response only for the current attempt by the application to write data to said storage medium.
GB0410766A 2003-05-20 2004-05-14 Controlling write access of an application to a storage medium Active GB2402515B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0311537A GB0311537D0 (en) 2003-05-20 2003-05-20 Controlling write access of an application to a storage medium

Publications (4)

Publication Number Publication Date
GB0410766D0 GB0410766D0 (en) 2004-06-16
GB2402515A true GB2402515A (en) 2004-12-08
GB2402515A8 GB2402515A8 (en) 2007-09-05
GB2402515B GB2402515B (en) 2007-10-24

Family

ID=9958396

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0311537A Ceased GB0311537D0 (en) 2003-05-20 2003-05-20 Controlling write access of an application to a storage medium
GB0410766A Active GB2402515B (en) 2003-05-20 2004-05-14 Controlling write access of an application to a storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0311537A Ceased GB0311537D0 (en) 2003-05-20 2003-05-20 Controlling write access of an application to a storage medium

Country Status (1)

Country Link
GB (2) GB0311537D0 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070130433A1 (en) * 2005-12-01 2007-06-07 Rogue Concept, Ltd. System and method to secure a computer system by selective control of write access to a data storage medium
GB2457305A (en) * 2008-02-11 2009-08-12 Symbian Software Ltd Controlling access to system resources using script and application identifiers
US7664924B2 (en) 2005-12-01 2010-02-16 Drive Sentry, Inc. System and method to secure a computer system by selective control of write access to a data storage medium
US10503418B2 (en) 2005-12-01 2019-12-10 Drive Sentry Limited System and method to secure a computer system by selective control of write access to a data storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993009498A1 (en) * 1991-10-28 1993-05-13 Sung Moo Yang Method and system protecting data in storage device against computer viruses
JPH0844630A (en) * 1994-08-03 1996-02-16 Nri & Ncc Co Ltd Device for controlling file access and method thereof
US5974549A (en) * 1997-03-27 1999-10-26 Soliton Ltd. Security monitor
KR20010044706A (en) * 2001-03-19 2001-06-05 이종우 Method and System for preventing Computer Virus Program
US6308274B1 (en) * 1998-06-12 2001-10-23 Microsoft Corporation Least privilege via restricted tokens
WO2003017682A2 (en) * 2001-08-13 2003-02-27 Qualcomm, Incorporated Application level access privilege to a storage area on a computer device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998050843A1 (en) * 1997-05-02 1998-11-12 Network Associates, Inc. Process-level data security system
US6941470B1 (en) * 2000-04-07 2005-09-06 Everdream Corporation Protected execution environments within a computer system
JP2002182983A (en) * 2000-12-13 2002-06-28 Sharp Corp Method for controlling access to database, database unit, method for controlling access to resources and information processor

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993009498A1 (en) * 1991-10-28 1993-05-13 Sung Moo Yang Method and system protecting data in storage device against computer viruses
JPH0844630A (en) * 1994-08-03 1996-02-16 Nri & Ncc Co Ltd Device for controlling file access and method thereof
US5974549A (en) * 1997-03-27 1999-10-26 Soliton Ltd. Security monitor
US6308274B1 (en) * 1998-06-12 2001-10-23 Microsoft Corporation Least privilege via restricted tokens
KR20010044706A (en) * 2001-03-19 2001-06-05 이종우 Method and System for preventing Computer Virus Program
WO2003017682A2 (en) * 2001-08-13 2003-02-27 Qualcomm, Incorporated Application level access privilege to a storage area on a computer device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070130433A1 (en) * 2005-12-01 2007-06-07 Rogue Concept, Ltd. System and method to secure a computer system by selective control of write access to a data storage medium
US7664924B2 (en) 2005-12-01 2010-02-16 Drive Sentry, Inc. System and method to secure a computer system by selective control of write access to a data storage medium
US9600661B2 (en) * 2005-12-01 2017-03-21 Drive Sentry Limited System and method to secure a computer system by selective control of write access to a data storage medium
US10503418B2 (en) 2005-12-01 2019-12-10 Drive Sentry Limited System and method to secure a computer system by selective control of write access to a data storage medium
GB2457305A (en) * 2008-02-11 2009-08-12 Symbian Software Ltd Controlling access to system resources using script and application identifiers

Also Published As

Publication number Publication date
GB2402515B (en) 2007-10-24
GB2402515A8 (en) 2007-09-05
GB0410766D0 (en) 2004-06-16
GB0311537D0 (en) 2003-06-25

Similar Documents

Publication Publication Date Title
US9021584B2 (en) System and method for assessing danger of software using prioritized rules
US6766458B1 (en) Testing a computer system
US20070130433A1 (en) System and method to secure a computer system by selective control of write access to a data storage medium
US7748039B2 (en) Method and apparatus for detecting malicious code in an information handling system
US7664924B2 (en) System and method to secure a computer system by selective control of write access to a data storage medium
US20050081053A1 (en) Systems and methods for efficient computer virus detection
US20090038011A1 (en) System and method of identifying and removing malware on a computer system
US20050021994A1 (en) Pre-approval of computer files during a malware detection
US20030023866A1 (en) Centrally managed malware scanning
US8875165B2 (en) Computing device having a DLL injection function, and DLL injection method
US7047369B1 (en) Software application environment
US9043812B2 (en) Dynamic rule management for kernel mode filter drivers
US11321455B2 (en) Protecting a computer device from escalation of privilege attacks
US20100153671A1 (en) System and method to secure a computer system by selective control of write access to a data storage medium
JP4733509B2 (en) Information processing apparatus, information processing method, and program
CN105335197A (en) Starting control method and device for application program in terminal
US8230116B2 (en) Resumption of execution of a requested function command
US20160217289A1 (en) System and method for controlling hard drive data change
US20210224398A1 (en) Managing the loading of sensitive modules
US11507675B2 (en) System, method, and apparatus for enhanced whitelisting
US7620983B1 (en) Behavior profiling
GB2402515A (en) Controlling write access of an application to a storage medium
US20080114956A1 (en) System and method to secure a computer system by selective control of write access to a data storage medium
US11893113B2 (en) Return-oriented programming protection
US8788845B1 (en) Data access security

Legal Events

Date Code Title Description
S13A Application for inventor to be mentioned (section 13(1)/patents act 1977)

Free format text: APPLICATION FILED; APPLICATION FOR A PERSON TO BE MENTIONED AS INVENTOR UNDER RULE 10(2) BY JOHN SAFA, FILED ON 29 MAY 2014

S13A Application for inventor to be mentioned (section 13(1)/patents act 1977)

Free format text: APPLICATION FOR A PERSON TO BE MENTIONED AS INVENTOR UNDER RULE10(2) BY JOHN SAFA FILED ON 29 MAY2014 NOT PROCEEDED WITH ON 02 JANUARY 2015.

S13C Application for inventor not to be mentioned (section 13(3) patents act 1977)

Free format text: APPLICATION FOR A PERSON NOT TO BE MENTIONED AS INVENTOR UNDER SECTION 13(3) BY JOHN SAFA FILED ON 29 MAY 2014 NOT PROCEEDED WITH ON 02 JANUARY 2015.

732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20160728 AND 20160803

732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20160811 AND 20160817