JPH07500935A - computer memory protection - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

[Detailed description of the invention] computer memory protection Background of the invention Furthermore, some virus programs change their characteristic program "suddenly". This allows such programs to be modified using normal software techniques. It is known that it can be used to make it undetectable.

Another antivirus program uses interrupt commands to intended to interfere with the intended operation of the virus. However, this known program program is not always effective against some viruses, and Completely ineffective against Luz.

US Patent No. 5,144,660 (and Australian equivalent) Application No. 40095/89) is intended to protect combiators against viruses. Unwanted writing and reading of data on the computer's hard disk This section describes a method for computer security against operations. This method A logic circuit is provided between the disk controller and the read/write head of the disk drive. , in response to such decoding, reads or writes from the disk drive. control the calculation of

However, the protection technique according to U.S. Patent No. 5.14/1.660 has several unique to correct the shortcomings of First, the logic circuit or controller is provided between the Therefore, only read or write protection for all/links on the disk is possible.

That is, it is not possible to distinguish between multiple sectors within a disk/link. stomach.

For example, disk printer 01 head 01 sector 1 is usually Contable is removed and the rest of the sector is unused. This conventional/stem is Requires only one sector to be protected as a precaution against virus programs All sectors of the /link need to be protected even when moreover,/ Lifter 01 head 1, sector 1 is normally allocated to the masked DOS boot record. 7 linter O, head 1, sector 2 is usually a file allocation controller. It is a table. Mask DOS block instead of file allocation/contable Even if you wish to protect your tore foot, this traditional method is does not allow for such distinctions within data.

Second, this conventional method and apparatus requires only a disk controller and read/write head. Not suitable for computers/systems that are provided as one unit.

Third, separate cables are provided for control and data signals; The protection device of U.S. Patent No. 5,144,660 tracks the cylinder being addressed. You need a counter to do this.

Fourth, this conventional protection device requires that the signal sent by the CPU to the disk controller, For example, it is not possible to distinguish between light commands and "low hell" format commands. .

The write protection device is located between the controller and the disk so that the controller can control whether you are writing a file or executing a low-level format command. They cannot be distinguished because they both give the same signal that exits.

The purpose of the present invention is to prevent unwanted information, data or programs such as viruses from Improved Apparatus and Method for Preventing Writing to Computer Data Storage It is to provide law.

Summary of the invention In one broad form, the invention provides a computer with a CPU and a controller for storage. an unwanted write of data to one or more selected portions of the computer's storage device. Provide a device to prevent this. The device includes an anti-light device. This light protects A storage device is one or more of the above storage devices that are not intended to have data written to them. a storage means containing the address of a selected portion of and a write to said storage device; A decoding means for reading the command address and this write address as described above. comparator means for comparing with the address of the selected portion and responsive to the output of this comparator means; and disabling means for disabling the write command. . And, this write prevention device is coupled between the CPU and the above controller. It is characterized by.

Preferably, the decoding means also detect low-level formatting commands. These commands are similar to write commands to protected sectors. will be stopped.

In another form, the invention provides a computer comprising a CPU and a controller for storage. to prevent unwanted writes of data to one or more selected portions of the data storage device. provide a method for This method: (a) data that is not intended to be written; , select one or more selected portions of the above storage device, and enter the address of this portion. (b) the address of the write command from the above CPU to the above controller; and (C) set this write address to the address of the preselected part above. (d) has an address corresponding to said preselected portion. step (a) of disabling the write command; ~(d) is performed by a protection device coupled between the CPU and the above controller. Ru.

Also preferably, low-level format commands are detected and disabled. be made into a person.

The term "data" refers to data stored in electrical or magnetic form on a storage device. Aim for information or programs that you can do.

Typically, the storage device mentioned above is a computer hard disk, but The sector or address of the disk, floppy disk, ptsf, RAM, etc. Any available non-volatile storage device may be used.

The above memory is write-protected by software means, so it is secure. / The stem is not auto-written by software, and is There's no 41.

Uses hardware to write data to a preselected portion of a storage device. These parts of the storage device are effectively read-only. It becomes a memory, and data is read or written in front of the 0° storage device. This prevents all takes or writes on the selected part, so viruses (such as , is hindered, regardless of its composition or operational mode. Because such Will The device cannot reside in a preselected portion of the storage device. be.

One effect of the present invention is that each partial power (separate be protected by the public. However, if the storage device is individual sectors of a given/link can be protected. Logic circuit (well, writea) Decode the address and write it to the stored address of the sector that will be write protected. An attempt to write to a sector is detected by comparing it with the current value. too ``If a write to a protected sector is attempted, the write command is disabled. That is, the write command is prevented from reaching the controller. given or invalidated. However, if a write to an unprotected sector is attempted, If so, the write command indicates that the sector is the same as the protected sector. Although it may be in the cylinder, it is allowed to execute.

A virus program is typically inserted into a machine's disk drive ( computer switch using Flo, Pidisk (with Luz program) When it is installed, it is usually moved to the boot sector of the computer's hard disk. It will be done. In a preferred embodiment of the invention, the boot sector and the partition area All sectors in are permanently prohibited from writing. In other words, computer hardware These parts of the hard disk usually contain data or programs. Always selected to prevent

If other parts of the storage device are prohibited from writing, the addresses of these parts are Lookup tables, ie, can be stored in non-volatile memory. light command The address of the command is then used to check whether the write command is executed or not. It is also compared with the address in the lookup table.

Since the light protection device of this invention is inserted between the CPU and the controller, the level of You can selectively prevent format commands and other commands from being executed. There is an effect.

For a more complete understanding and implementation of the invention, preferred embodiments thereof are shown in the accompanying drawings. explained with reference to.

Brief description of the drawing FIG. 1 shows a write protection circuit of one embodiment of the present invention coupled to a computer system. FIG.

Figure 2 is a circuit diagram of a portion of the write protection circuit of Figure 1 for a fixed memory section. be.

Figure 3 is a circuit diagram of a portion of the write protection circuit of Figure 1 for selectable memory portions. be.

Description of the preferred embodiment The write protection circuit of the described embodiments is implemented in a memory device or storage device, typically monitors all commands sent to the hard disk. These commands Place the read/light head or pond mechanism in the enclosure area, i.e. the hard drive. Move the disk to a certain sector. In particular, this light protection device is compatible with light commands and Detect format commands.

The write protection device tracks these sector commands and sets the write address in advance. Selected address and/or address and ratio in lookup table to determine if the write command is acceptable. If the write address is correspond to a specified sector or a sector listed in the lookup table. If the write protection circuit, e.g., allows that command to reach the enclosure Disables the write command by not doing so. low level former commands are also disabled. However, all read commands are not affected. Not possible.

As shown in the drawings, particularly in FIG. 1, the write protection circuit 10 can be implemented on the card. , the CPU, and the controller for the hard disk (or other storage device) of the computer. connected between. Plugins and/or The combination of the Bigiba and the wire allows for quick and easy installation on the computer. do.

The write protection device pulls out the memory data bus and removes the hard disk from the CPU. monitor commands to controllers for These commands read, write , format, recalibrate, verify ( verify), reset, and identify commands Including de. Recalibration plate, write, format and reset commands is detected. One sector in the hard disk is the controller of the hard disk device. Selected by writing a value to the register in read/write, de, Select a track or cylinder and the required sector on that cylinder. Ru.

As shown in more detail in Figure 2, commands on the data bus are The instruction decoder 11 receives write commands or low-level commands. Detects format commands and gives appropriate output. This command also Registers 12-I5 preconfigured to detect preselected values sent to. In the illustrated example, these values represent the hard disk partition. It corresponds to all sectors of the storage area and the boot sector. (Participant Area is cylinder o1 head 0 and all sectors on that /cylinder/head. Bu The target sectors are cylinder 0, head 1, and sector l. ) registers 12-15 The sector of the command address sent to AN if it corresponds to one of the sector addresses representing the area or boot sector The output of D gate 2 or AND gate 3 is at high level, therefore the OR gate The output of port 4 is also at a high level. From the output of OR gate 4 and instruction decoder 11 AND operation)E is performed by the AND gate 5 from the write command.

The output of the AND gate 5 is inverted by the inverter 9 and is inverted by the AND gate 6. An AND operation with the system write command is performed. The output of AND gate 6 (H DIOW) is sent to the storage controller. Thus, if the command address corresponds to one of the preset addresses in latches 12-15. If so, the write command is prevented from reaching the storage controller.

If the output of the AND gate 5 becomes a high level, the alarm 8 will cause a blip. An attempt was made to write to the protected area of the disk, triggered by flop 7. shows. If alarm 8 is triggered, the NQ output of flip-flop 7 will be at a low level. All write commands are latched to the A It is stopped by the ND gate. This acts as a failsafe and Preventing further damage when the protected area is threatened.

Jumper switch J2 is connected to the input of AND gate 5 and is connected to the input of the AND gate 5, e.g. To effectively short-circuit a write protection mechanism when a write to an address is required. Jumper Suey Switch J2 is preferably operable with a key.

If other sectors of the hard disk are prohibited from writing, the The head data cylinder/sector address can be set using EPROM, EEPROM, or battery. Lookups in non-volatile memory such as backed-up static RAM can be stored in the output table and connected to OR gate 4 via jumper switch J1. Ru. As shown in Figure 3, the 1 MB EEPROM 160 has write protection. is provided to store the location of the sector that has been updated.

Each command address is processed by a suitable comparator means such as a programmable logic array. is compared with the address of the previously selected sector. The output of the comparison is It is sent to the human power of OR gate 4 via gloss switch J1. Therefore, also If the command address is participant area, boot sector, or looka Any of the preselected addresses listed in the top table 160 If the output of AND gate 5 corresponds to 6 (7) The output (to controller a) is low level and therefore from the CPU write commands (IOWs) are effectively prevented from reaching the storage controller. Ru.

The output of the AND gate 5 and the FORMAT COMMAND output of the decoder 11 are The output of the OR gate 10 is connected to the inverter 9 and the alarm 8. connected to. In this way, any physical drive connected to the controller Prevents any low-level format commands from reaching the hard drive. This also triggers the alarm 8. Therefore, reference to the illustrated embodiment The iM location protects against low-level formats and supports write commands. allow.

In summary, the illustrated embodiment of the write protection device is compatible with the hard disk controller. It also monitors read/write commands in parallel and typically sends all commands to the controller. allow to reach. However, if a write command is issued and the read/write When the head is located in a limited sector, this write command This prevents writing to the protected area. low level Format commands are also blocked separately from write commands.

One effect of this light protection system is that it is difficult to judge the validity of light commands. There is no deterioration in operation because there is no overflow during the time required for .

Although the above description describes only one embodiment of the present invention, in the following claims. Variations obvious to those skilled in the art may be made to the invention without departing from the scope of the invention as defined. It can be done against the light. For example, this light protection device can described with particular reference to, but any storage system based on the sector type format Can be used for systems.

Decoder 11 also indicates that other selected commands have been disabled. It can be transformed to detect.

International investigation report - N11111 White - 1 force nNaPCTIAUG2100594 International Search Report 1-ion″1°pP″″’N″Per/AU? UOO5N International search report -〇io++al*ppl+cs+wmN.

PC′rl＾υ12/1111594 Ding’his Annexliststheknown”A”publication nlevelpalenlfamilymembersre attack≠Kazumashi■KoshijoR e,paterr+documentscitedintheaboVe-me nllonedir+lffn1lionllkihreport, The＾u+ +ralinPa狽■獍狽nrncen+nnowaytablefort hese pan+curars which are merely giv en　(orthepurposeor+nfor high≠shield■ Form PCT/Is included 72101pm-Lmm+car y boat-resistant silk 1u+y 1 9921 eWffM

Claims (14)

[Claims] 1. one or more of the storage devices of a computer comprising a CPU and a controller for the storage device; A device for preventing undesired writing of data to selected portions of the The device is equipped with a write protection device, and this write protection device is used to prevent data from being written. address of one or more selected portions of the above storage device which are not intended to be Read the address of the write command for the storage device and the storage device mentioned above. a decoding means, comparator means for comparing this write address with the address of the selected portion above; , In response to the output of this comparator means, a and sable means; The light protection device is coupled between the CPU and the controller. device to do. 2. In the device according to claim 1, the storage device is a hard disk drive. A device that is a computer. 3. In the device stored in claim 2, the bar of the hard disk is The address of the partition area and the boot sector are stored in the above storage means in advance. device being installed. 4. In the storage device according to claim 3, the storage means further comprises: Other parts that have a backup table and write protection for the hard disks mentioned above. device whose addresses are stored in this lookup table. 5. In the device according to claim 1, the decoding means also comprises: , the format command can be detected, and this formatter can be used as the disabling method described above. A device that provides output to override the cut command. 6. In the device according to claim 1, the light protection device comprises: Additionally, a write-protected portion of said memory device in response to said comparator means. device comprising warning means for signaling an attempt to write to. 7. In the device as set forth in claim 6, the above warning means includes the above warning means. A device that is also triggered by the format aspect of the code means. 8. The apparatus recited in claim 1 further provides the above-mentioned device comprising means for disabling the operation of the light protection device. 9. In the device as claimed in claim 1, the disabling means comprises: , a device comprising logic switch means for preventing write commands from reaching said controller. . 10. A computer comprising a CPU, a storage device, controller means and control means for this memory. A light protection circuit used with a computer, which to said controller means addressed to a preselected portion of said memory. This write protection is provided with a disable means for disabling the write command. A protection circuit is arranged to be connected between said CPU and said controller means. A circuit characterized by: 11. The write protection circuit recited in claim 10 provides the above-mentioned method from the CPU. A decoding means for reading the address of the write command to the memory controller and a The stored address corresponding to the part of the above memory that is intended to be protected a comparator means for comparing the write address and the address to this stored address; and disabling means for disabling the written write command. . 12. The apparatus according to claim 10 further includes a format command. device comprising means for disabling the 13. 1 of a computer storage device comprising a CPU and a controller for the storage device A method for preventing undesired writing of data to a selected portion as described above, comprising: (a) a selection of one or more of the above storage devices to which data is not intended to be written; Select the selected part, memorize the address of this part, and (b) Read the address of the write command to the above controller, (c) Compare this write address with the address of the preselected part above. , (d) a write command with an address corresponding to the above preselected portion; disable the The above steps (a) to (d) are performed by a controller coupled between the CPU and the above controller. A method characterized in that the method is carried out by a protection device. 14. In the method set forth in claim 13, the method further includes: How to detect and disable format commands.