WO2002019064A2 - Method and system for preventing unwanted alterations of data and programs stored in a computer system - Google Patents

Method and system for preventing unwanted alterations of data and programs stored in a computer system

Info

Publication number
WO2002019064A2
Authority
WO
WIPO (PCT)
Prior art keywords
dhw
file
dsp
storage device
cpu
Application number
PCT/CA2001/001239
Other languages
French (fr)
Other versions
WO2002019064A3 (en)
Inventor
Conleth Buckley
Original Assignee
Conleth Buckley
Priority to AU2001287444A1
Priority to CA2420889A1
Publication of WO2002019064A2
Publication of WO2002019064A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G06F21/78 Protecting specific internal or peripheral components to assure secure storage of data
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices: interconnection devices, e.g. bus-connected or in-line devices

Definitions

  • the present invention relates generally to computer systems, and more specifically to a method and system for preventing the unwanted alteration of data and programs stored in a computer system.
  • computer viruses pose a serious threat to the secure storage of computer data.
  • the term computer virus generally relates to any software code which has been designed to enter a computer and perform an undesired function. Once this code has entered a computer, that computer is said to have been "infected" by the virus.
  • Computers are most often infected by viruses as a result of introducing software code which has virus code buried within it.
  • This software is typically introduced via an input device such as a disk drive, or via a communication network such as the Internet. Once the software code containing the virus is executed, the virus is activated.
  • Upon being activated, a virus can perform a wide variety of functions. These functions can consist of relatively harmless functions such as posting an unwanted message on one's monitor or adding additional words to an existing document. These functions, however, can also be very serious and may include occupying all available memory or destroying data and programs stored on the computer or on the hard drive.
  • Various attempts have been made to try to limit and prevent the damage caused by computer viruses.
  • the most common method of detecting and removing viruses is via anti-virus software packages.
  • These anti-virus programs, known as virus scanners, detect viruses by searching for binary signatures (patterns of code) of known viruses. Upon detection of a virus the user is notified and the virus is removed.
  • One limitation of virus scanning software is that the virus protection offered is reactive. That is to say, a virus can only be detected once the binary signature of a particular virus is known and added to the virus-scanning database. Thus, users are not offered any protection against newly created viruses.
  • DHW Downloadable hardware. The design file that describes the hardware attributes.
  • DSP Secure downloadable platform. The hardware where the DHW is loaded.
  • PKS A password key system which consists of one or more of the following methods of limiting access to the DSP and/or the storage device protected by the DSP: a series of reads or writes to a series of locations in the storage device; the timing of these writes; challenge/response where the writes depend on the values read. It also includes using any one or more of the following methods: sharing secret knowledge; probabilistic challenges; multi-level passwords; and a one time pad. A feature of this method is that there are many pieces of secret information required to access a storage device.
  • PASS CODE The string that the user sends to the application program, e.g. a password, whereas the PKS is the method that describes the interaction between the application programs and the DSP.
  • ONE TIME PAD A sequence of secret numbers which the anti-virus application program uses to identify itself to the DSP.
  • RANGE A sequence of blocks for which a particular access applies.
  • ACCESS The manner of actions that can occur to the blocks specified in a range; these actions may be one or more of the following: ability to write the block; read the block; translate the read or write from one block to another; to cause an interrupt.
  • CONTROL SECTION One or more blocks where instructions are passed from the CPU to the DSP.
  • One aspect of the invention is described as a method for preventing unwanted alterations of data and programs stored in a computer system comprising the steps of: obtaining a pass code; implementing a profile to prescribe the treatment of at least one command signal in response to the PKS obtained; monitoring data transferred between a CPU and a storage device for a command signal; and responding to at least one command signal based on the implemented profile.
  • Another aspect of the invention is defined as a system for preventing unwanted alterations of data and programs stored in a computer system comprising: a central processing unit (CPU); a secure platform circuit (DSP); a storage device; the DSP being operable to: obtain a pass code; implement a profile to prescribe the treatment of at least one command signal in response to the pass code obtained; monitor data transferred between the CPU and the storage device; respond to the at least one command signal based on the implemented profile.
  • Another aspect of the invention is defined as a secure computer platform for down-loadable hardware (DHW) comprising the steps of: monitoring for the reception of a DHW file; determining whether the DHW file is permitted to be installed in response to receiving the DHW file; installing the DHW file in response to determining that the DHW file is permitted to be installed.
  • Another aspect of the invention is defined as a system for providing a secure computer platform for down-loadable hardware comprising: a central processing unit (CPU); a secure platform circuit (DSP); the CPU being operable to: monitor for the reception of a DHW file; determine whether the DHW file is permitted to be installed in response to receiving the DHW file; the DSP being operable to: install the DHW file in response to determining that the DHW file is permitted to be installed.
  • Figure 1 is a block diagram of a computer system as known in the prior art
  • Figure 2 is a block diagram of a system for preventing unwanted alterations of data stored in a computer system in an embodiment of the invention
  • Figure 3 is a flow chart of a method for preventing unwanted alterations of data stored in a computer system in an embodiment of the invention
  • Figure 4 is a flow chart of a method for updating information stored in the protected area of a hard disk in a preferred embodiment of the invention
  • Figure 5 is a flow chart of a method for providing a secure computer platform for downloadable hardware in an embodiment of the invention
  • Figure 6 is a flow chart of a method for providing a secure computer platform for downloadable hardware in a preferred embodiment of the invention.
  • Detailed Description of the Invention
  • the present invention is directed to a method and system for preventing the unwanted alteration of data and programs stored in a computer system which substantially obviates one or more of the problems due to limitations and disadvantages of the related art.
  • FIG. 1 shows a computer system 100 as is well known in the prior art.
  • Figure 1 shows various input 102, output 104, network communication 106 and storage 108 devices physically linked to a central processing unit (CPU) 110.
  • A virus, similar to any other software application, is merely a list of instructions which can be carried out by the CPU. Thus, if these instructions include deleting data stored on the computer's hard disk (a storage device), that function will be performed. This is because the instructions provided by a virus are indistinguishable, to the CPU, from those provided by legitimate software applications. Thus, if the CPU is unable to detect the existence of a virus there is nothing to prevent its instructions from being effected.
  • A block diagram of an embodiment of the present system is shown in Figure 2.
  • the system 200 includes a central processing unit (CPU) 202, a downloadable secure platform (DSP) 204 and a storage device 206.
  • the DSP 204 includes circuitry capable of carrying out the method steps of the present invention.
  • Said circuitry includes flash memory 208 and a field programmable gate array (FPGA) 210.
  • An FPGA is a programmable logic chip which includes numerous arrays of logic block functions and logic gates.
  • the FPGA is programmable to perform a variety of complex functions by modifying the manner in which said gates are interconnected.
  • the flash memory 208 is utilized to store information necessary for programming the FPGA.
  • the flash memory 208 loads the FPGA 210 with the appropriate circuit design for implementing the methodology of the application, including the invention.
  • the storage device 206 included in the system is a hard disk drive.
  • the present invention is not limited to employing a hard disk drive and could include any means for storing data including: PDA (personal digital assistant); cell phones; biological storage; floppy disks, CD ROM's or zip disks to name a few.
  • the present invention is not limited to an FPGA and could also be implemented using an ASIC, with some loss of capabilities.
  • The methodology of Figure 3 initiates at step 300 wherein a pass code is obtained from a variety of possible sources.
  • the pass code could be obtained by prompting an end user for a pass code via a software system installed on said end user's computer.
  • the user may command an application program to transmit a PKS to the DSP.
  • the DSP only accepts PKS's, not user pass codes. PKS's can be very complex.
  • a PKS could be obtained remotely from an end user or an additional computer linked to the CPU via a communication network.
  • the DSP can be configured to allow access to some parts of the storage device; therefore, no PKS need be received by the DSP unless a change in profile, or other change, is desired.
  • a PKS is a sequence of bits which is sent to the DSP at step 302 by transferring a sequence of bytes (groups of binary data) from the CPU to the storage device.
  • the PKS is used for identifying the various command signals which a CPU may send to the storage device. This list of available command signals which may be sent by the CPU to the storage device is known as a profile.
  • the CPU does not have to be aware that there is a DSP present. The CPU will access the storage device transparently as long as no access is made to a prohibited area.
  • Upon receiving a pass code, the DSP then implements a profile to prescribe the treatment of command signals which can be passed to the storage device, based on the PKS forwarded from the CPU (step 304). This is achieved by enabling the FPGA with a profile implementation associated with the PKS obtained. These various implementations, which are associated with the various PKS codes, are stored within the flash memory of the DSP or in the storage device.
  • a command signal can include any write or read signals directed to the storage device. Write and read signals being directions to save to or retrieve data from the storage device respectively.
  • Upon detecting the transfer of a command signal, the methodology continues at step 306 wherein the DSP responds to the command signal transferred based on the profile implemented within the DSP.
  • If the implemented profile allows the desired command, the DSP responds by allowing the command signal to be passed to the storage device. That is to say, the DSP becomes transparent.
  • If the implemented profile does not allow for the desired command to be effected, the DSP can respond in a number of ways. First, the DSP can simply prevent the transfer of the command signal to the storage device. Additionally, the DSP can cause an interrupt to be sent back to the CPU to notify the end user, or other computers attached via a communication network, that the desired command is restricted.
  • For a write signal directed to a protected area, the DSP could either deny access to the area, or translate the address ranges to which the write signal is directed to an unprotected area of the storage device.
  • For a read signal directed to a protected area, the DSP could translate the address ranges to which the read signal is directed to an unprotected area of the storage device, or could deny it and cause an interrupt.
  • This methodology can protect against the unwanted alterations of computer data and programs, particularly as the result of computer viruses, in the following ways.
  • the PKS serves the function of selecting a profile which determines the command signals a particular CPU will be allowed to send to its corresponding storage device.
  • one can prevent the unwanted alteration of data stored in a computer system by limiting the various command signals which are forwarded to a computer's storage device. For example, by merely identifying a range of protected addresses and restricting write signals to these addresses, one can protect against the unwanted alteration of the data stored therein. This is because, as mentioned previously, a virus program operates by initiating a number of unwanted commands to a computer's storage device. If, therefore, a CPU's ability to initiate these commands is restricted, the command signals within a virus will be similarly restricted.
  • the PKS concept could also be utilized to minimize any damage caused by a virus where multiple persons or computers share a single storage device. This could be achieved by providing numerous users of a particular computer, or various computers on a network, with distinct pass codes, which implies distinct PKS for the DSP. The different pass codes could then be used to restrict the user's or computer's access to particular commands and areas with respect to the storage device. The access any particular user would have to the storage device would be stored within the user's or computer's particular profile. Each user may have many profiles and many PKS, which will be managed by an application program. For example, the range of addresses to which each end user or computer could write can be limited.
  • Additional levels of protection could also be achieved in the system by varying the means by which a pass code is obtained. For example, each attempt to enter a pass code or PKS could be monitored, and the number of pass code or PKS attempts could be limited to a prescribed value. Thus, snooping viruses, which attempt to bypass security systems by trying all permutations of a particular code, could be guarded against. As an additional level of security, the length of the pass code could be increased or the complexity of the PKS could be increased in the event a snooping virus is detected. This would increase the number of permutations and add an additional level of protection against said snooping viruses. Similarly, snooping viruses could be prevented by requiring the pass code to be entered within a particular time period.
  • A timer could be incorporated into the process of obtaining a pass code or PKS for this purpose.
  • A clock could also be incorporated into the process of obtaining a pass code or PKS. Said clock would serve the purpose of limiting the validity of a pass code or PKS to certain time periods. For example, said clock could be used to limit the validity of a pass code or PKS to one particular time period (e.g. Jan 1, 2000) or to a recurring time period (e.g. working hours).
  • A secondary pass code could also be provided. This secondary pass code would provide an end user, or computer on a network, with the ability to modify the pass code necessary to access their particular profile.
  • the secondary pass code feature would be beneficial in that a pass code or PKS could be modified in the event of detecting a failed pass code attempt. Multiple passwords could also be used to enable the system.
  • A challenge/response system is yet another alternative. Such a system, operating between the anti-virus application program and the DSP, is one by which the program is challenged to return a value when given a number.
  • the challenge/response cycle may be repeated a number of times for security.
  • a "one time" pass code could be utilized. That is to say, a different pass code is required each time the circuitry is accessed.
  • the circuitry could also be configured to "learn" the locations of programs to protect. This is useful when said system is employed with an operating system which does not know the actual locations of data stored on the computer's storage device. This is achieved by writing a start file marker and an end file marker to the beginning and end of the data which is being protected. Thus the hardware can be made aware of the range of the files to protect.
  • Figure 4 shows a method for updating the information stored within a protected area of the computer's storage device.
  • the method initiates at step 400 wherein the FPGA is implemented with a profile (P1) which allows one to read part of the contents of the storage device.
  • the profile is then changed to one that allows writing to a temporary area within the storage device (P2).
  • a new file (e.g. a new software application) is then written to the temporary area.
  • a copy of the existing data to be overwritten is then written to the temporary area as well 406.
  • the FPGA is then implemented with the original profile (P1) to ensure that the data copied to the temporary area is correct 408.
  • the FPGA is implemented with a third profile (P3) which allows one to overwrite files which have been recently copied to the temporary area 410.
  • the new files are then copied to the protected area previously occupied by the files to be overwritten 412.
  • the FPGA is then programmed with the original profile (P1) to ensure the files have been properly updated 414.
  • the methodology terminates with the FPGA being programmed with P2 such that the old files can be deleted if necessary 416.
  • a methodology for providing a secure platform for downloadable hardware is shown in another embodiment of the present invention.
  • the methodology presented in Figure 5 initiates at step 500 wherein the CPU monitors various input or network communication devices for the reception of a DHW file. Upon receiving a DHW file, the CPU then determines whether the DHW file is permitted to be installed in the DSP 502. In a preferred embodiment of the invention this step of determining whether the DHW is permitted to be installed occurs by utilizing a series of keys and encryptions. An example of a key and encryption algorithm employed in a preferred embodiment of the invention is described below in further detail with respect to Figure 6. The methodology terminates at step 504, wherein the DHW file is installed in the DSP in response to determining that said DHW is permitted to be installed.
  • this methodology ensures that the only DHW files capable of being installed in one's DSP are those which are intended for that particular DSP.
  • this methodology is beneficial in that it provides a secure means for updating the implementation stored in the DSP.
  • the PKS provides a method so that incorrect access to a particular lock within a predetermined number of attempts, and/or time, causes the current PKS to be voided and a new longer identity string and a new longer password assigned. This process is repeated as many times as is desired. This implies that the probability of breaking the lock gets worse with repeated trials, while at the same time the probability that the lock could be made un-openable goes down.
  • a flow chart outlining the steps of the key and encryption algorithm utilized in a preferred embodiment of the present invention is shown in Figure 6.
  • the methodology initiates at step 600 wherein a completed DHW file is made into an electronic file (F1).
  • a key (K1) is then attached to the electronic file (F1) to create a new electronic file (F2) 602.
  • a key is a secret password which includes a series of characters for restricting an end user's access to an electronic file.
  • the first key (K1) serves the purpose of ensuring each (F2) is unique based on the DSP it is targeted for. This prevents the wrong, or virus contaminated, DHW from reaching the DSP.
  • a second key (K2) is then utilized to encrypt the electronic file (F2) 604.
  • said file could be encrypted using any number of encryption engines.
  • Each DSP could have a different encryption engine.
  • a third key (K3) is then employed by the DSP to allow the encrypted electronic file F2 to be transferred to a hard-disk protected configuration area (HDCA) via the DSP 606.
  • the HDCA is a temporary storage area within the storage device utilized for the purpose of storing the DHW file while it is being authorized.
  • This third key (K3) is merely a pass code, utilized by the DSP, allowing F2 to be written to the HDCA.
  • the encrypted electronic file is then decrypted using the second key (K2) 608. This key would have to be provided to an end user to decrypt the encrypted electronic file (F2).
  • the first key (K1) is extracted from the file, leaving only the original electronic file (F1) 610.
  • the first key (K1) is then compared to a key stored with the particular DSP circuitry 612. If the key supplied with the electronic file (F1) matches that stored within the DSP circuitry, the file (F1) is installed in the DSP 614. This occurs by the DSP retrieving the decrypted file (F1) from the HDCA and installing said file (F1) into the flash memory 208. As mentioned previously, the flash memory would then program the FPGA with the new implementation as specified in the electronic file (F1).
  • the key referred to in the preferred embodiment is not limited to a single password including a series of characters for enabling a user to access the electronic file.
  • Said key could also include a series of transactions wherein individual bits (as opposed to bytes) are sent to the DSP from the CPU on a periodic basis.
  • the above methodology is used for the purpose of updating DHW for virus protection.
  • said methodology could be easily adapted to provide a secure platform for downloading any DHW.
  • the preferred embodiment of the hardware of the invention is to build the DSP in the disk storage device circuit board or disk storage assembly.
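The profile mechanism of steps 300 to 306 (pass the command through, drop it, translate it to another block, or raise an interrupt) and the three-profile update sequence of Figure 4, as an added software model that is not part of the patent. The block layout (program in blocks 0-3, temporary area in blocks 8-15), the profile names P1/P2/P3, the extra SHADOW and HIDDEN profiles and the use of a Python exception to stand in for the interrupt are assumptions made for the example; the patent's own P3 is narrower, permitting overwrite only of files already staged in the temporary area.

```python
"""Software model of the DSP interposed between the CPU and a block storage device.
Added illustration, not the patent's FPGA design: block layout, profile names, the
SHADOW/HIDDEN profiles and an exception standing in for the interrupt are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

class Interrupt(Exception):
    """Stands in for the interrupt the DSP sends back to the CPU on a restricted command."""

@dataclass(frozen=True)
class Range:
    start: int                          # first block covered (inclusive)
    end: int                            # last block covered (inclusive)
    read: bool = True
    write: bool = False
    translate_to: Optional[int] = None  # redirect a disallowed access to this base block
    interrupt: bool = False             # raise Interrupt when an access is dropped

    def covers(self, block: int) -> bool:
        return self.start <= block <= self.end

class DSP:
    def __init__(self, nblocks: int, profiles: Dict[str, List[Range]], active: str) -> None:
        self.blocks: List[bytes] = [b""] * nblocks   # the storage device behind the DSP
        self.profiles = profiles
        self.active = active
        self.denied: List[tuple] = []                # (profile, op, block) per dropped command

    def select_profile(self, name: str) -> None:
        """Step 304: the PKS selects which profile implementation the FPGA is enabled with."""
        if name not in self.profiles:
            raise KeyError(f"no profile {name}")
        self.active = name

    def _resolve(self, op: str, block: int) -> Optional[int]:
        """Step 306: the block the command really lands on, or None when the DSP drops it."""
        rule = next((r for r in self.profiles[self.active] if r.covers(block)), None)
        if rule is None or (op == "read" and rule.read) or (op == "write" and rule.write):
            return block                # unlisted or permitted: the DSP is transparent
        if rule.translate_to is not None:
            return rule.translate_to + (block - rule.start)
        self.denied.append((self.active, op, block))
        if rule.interrupt:
            raise Interrupt(f"{op} of block {block} restricted under {self.active}")
        return None

    def read(self, block: int) -> Optional[bytes]:
        target = self._resolve("read", block)
        return None if target is None else self.blocks[target]

    def write(self, block: int, data: bytes) -> bool:
        target = self._resolve("write", block)
        if target is None:
            return False
        self.blocks[target] = data
        return True

PROTECTED = Range(0, 3, write=False, interrupt=True)        # program area; a write trips the interrupt
TEMP_RW = Range(8, 15, write=True)                          # temporary area, writable
TEMP_RO = Range(8, 15, write=False)                         # temporary area, read-only
PROFILES = {
    "P1": [PROTECTED, TEMP_RO],                             # read everything, write nothing
    "P2": [PROTECTED, TEMP_RW],                             # writes allowed only in the temp area
    "P3": [Range(0, 3, write=True), TEMP_RO],               # overwrite the protected area
    "SHADOW": [Range(0, 3, translate_to=4)],                # writes to 0-3 land in 4-7 instead
    "HIDDEN": [Range(0, 3, read=False, translate_to=12)],   # reads of 0-3 return blocks 12-15
}

def make_dsp() -> DSP:
    """Constructed initial disk image: a program in blocks 0-3 and a decoy block at 12."""
    dsp = DSP(16, PROFILES, "P1")
    dsp.blocks[0:4] = [b"prog0", b"prog1", b"prog2", b"prog3"]
    dsp.blocks[12] = b"decoy"
    return dsp

def update_protected(dsp: DSP, new_file: List[bytes]) -> bool:
    """Figure 4: stage new and old data in the temp area, verify under the read-only profile,
    overwrite under P3, verify again under P1, then release the staging blocks under P2."""
    n, first, temp = len(new_file), PROTECTED.start, TEMP_RW.start
    dsp.select_profile("P1")                                # 400: read the existing contents
    old = [dsp.read(first + i) for i in range(n)]
    dsp.select_profile("P2")                                # temp area becomes writable
    for i in range(n):
        dsp.write(temp + i, new_file[i])                    # new file into temp
        dsp.write(temp + n + i, old[i])                     # 406: copy of old data into temp
    dsp.select_profile("P1")                                # 408: verify the staged copy
    if [dsp.read(temp + n + i) for i in range(n)] != old:
        return False
    dsp.select_profile("P3")                                # 410: protected area writable
    for i in range(n):
        dsp.write(first + i, dsp.read(temp + i))            # 412: new file into place
    dsp.select_profile("P1")                                # 414: verify the update
    if [dsp.read(first + i) for i in range(n)] != new_file:
        return False
    dsp.select_profile("P2")                                # 416: staging may now be cleared
    for i in range(2 * n):
        dsp.write(temp + i, b"")
    return True
```

Under P1 a write into the program area is dropped, logged and raised as an interrupt; under SHADOW the same write is silently redirected into blocks 4-7, which is the "translate to an unprotected area" response; under HIDDEN a read of the program area returns the decoy block, which is the "return data from a different block" feature listed in the summary. The update only ever enables write access to one area at a time, and the verification reads happen under the read-only profile, so a fault between profile changes leaves either the old program or the staged copy intact.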
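The challenge/response cycle between the application program and the DSP, the attempt limit and response deadline aimed at snooping viruses, and the escalation in which a failed lock voids the current PKS and assigns a longer identity string and password, as an added example that is not the patent's circuitry. HMAC-SHA256 as the response function, the 16-byte starting secret, the 3-round/3-attempt/5-second limits and the escalation rule (each lockout derives new credentials 8 bytes longer from the current pair, so the application that holds the old secret can follow the change while a guesser cannot) are assumptions; the patent does not say how the new credentials reach the legitimate application.

```python
"""Challenge/response lock between the application program and the DSP, with the attempt
limit, response deadline and escalation the text describes. Added example, not the patent's
circuit: HMAC-SHA256 as the response function and the rule in derive_next are assumptions.
"""
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, Optional, Tuple

def response(secret: bytes, identity: bytes, nonce: bytes) -> bytes:
    """The value the program must return when given the challenge number (assumed: an HMAC)."""
    return hmac.new(secret, identity + nonce, hashlib.sha256).digest()

def derive_next(identity: bytes, secret: bytes, grow: int = 8) -> Tuple[bytes, bytes]:
    """Assumed escalation rule: the next identity string and password are `grow` bytes longer
    and derived from the current pair, so the holder of the old secret can follow the change."""
    new_id = hashlib.shake_256(b"identity" + identity + secret).digest(len(identity) + grow)
    new_secret = hashlib.shake_256(b"password" + identity + secret).digest(len(secret) + grow)
    return new_id, new_secret

class PKSLock:
    """DSP side: repeated challenge rounds, a deadline per answer, a failure limit, escalation."""

    def __init__(self, identity: bytes, secret: bytes, rounds: int = 3, max_failures: int = 3,
                 deadline: float = 5.0, clock: Callable[[], float] = time.monotonic,
                 rng: Callable[[int], bytes] = os.urandom) -> None:
        self.identity, self.secret = identity, secret
        self.rounds, self.max_failures, self.deadline = rounds, max_failures, deadline
        self.clock, self.rng = clock, rng
        self.failures = 0                 # wrong or late answers since the last escalation
        self.generation = 0               # number of times the credentials were voided
        self.passed = 0                   # rounds answered correctly in the current cycle
        self.unlocked = False
        self._pending: Optional[Tuple[bytes, float]] = None

    def challenge(self) -> bytes:
        """Issue the number the program has to answer and remember when it was issued."""
        nonce = self.rng(16)
        self._pending = (nonce, self.clock())
        return nonce

    def submit(self, answer: bytes) -> bool:
        if self._pending is None:
            return False
        nonce, issued = self._pending
        self._pending = None
        in_time = self.clock() - issued <= self.deadline
        expected = response(self.secret, self.identity, nonce)
        if in_time and hmac.compare_digest(expected, answer):
            self.passed += 1
            if self.passed >= self.rounds:
                self.unlocked = True
            return True
        self.passed = 0                   # any failure restarts the whole cycle
        self.failures += 1
        if self.failures >= self.max_failures:
            self._escalate()
        return False

    def _escalate(self) -> None:
        """Void the current identity/password and assign longer ones: every lockout enlarges
        the search space, so the odds of a brute-force guess get worse with each trial."""
        self.identity, self.secret = derive_next(self.identity, self.secret)
        self.generation += 1
        self.failures = 0

def unlock(lock: PKSLock, identity: bytes, secret: bytes) -> bool:
    """Application side of the cycle: answer each round with the shared secret."""
    for _ in range(lock.rounds):
        nonce = lock.challenge()
        if not lock.submit(response(secret, identity, nonce)):
            return False
    return lock.unlocked

def demo() -> Dict[str, object]:
    """Constructed scenario: a guessing 'snooping virus' trips the limit, the lock escalates,
    the old credentials stop working, and only the holder of the old secret can derive the new."""
    identity, secret = b"disk-lock-01", bytes(range(16))   # constructed starting credentials
    lock = PKSLock(identity, secret)
    for _ in range(lock.max_failures):                     # three random guesses
        lock.challenge()
        lock.submit(os.urandom(32))
    stale_ok = unlock(lock, identity, secret)              # voided by the escalation
    new_identity, new_secret = derive_next(identity, secret)
    fresh_ok = unlock(lock, new_identity, new_secret)
    return {"generation": lock.generation, "secret_len": len(lock.secret),
            "stale_ok": stale_ok, "fresh_ok": fresh_ok}
```

The clock is injected so the deadline can be exercised deterministically; in the DSP it would be the timer the text mentions. Because a lockout replaces the credentials rather than merely pausing, a legitimate application that loses track of the generation counter is locked out too, which is the "un-openable" risk the text weighs against the gain in guessing resistance.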
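The Figure 6 flow (K1 attached to F1, F2 encrypted under K2, K3 gating the write into the HDCA, decryption, K1 extraction and comparison, install into flash), as an added simulation that is not the patent's implementation. The cipher is a SHA-256 keystream XOR standing in for the unspecified encryption engine and is not a recommendation; the HMAC tag that rejects a corrupted or altered package before K1 is examined is an addition the patent does not describe; the 16-byte K1, the K3 pass code and the HDCA as an attribute of the DSP object are constructed for the example.

```python
"""Figure 6 packaging and install check of a DHW file, as a simulation. Added example, not
the patent's implementation: the SHA-256 keystream cipher stands in for the unspecified
'encryption engine', the HMAC tag is an addition, and all keys are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

K1_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32

def _keystream(k2: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(k2 + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(k2: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC-SHA256 tag (the tag is an addition to the patent's flow)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k2, nonce, len(plaintext))))
    tag = hmac.new(k2, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(k2: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the tag does not verify (wrong K2 or altered package)."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(k2, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(k2, nonce, len(ct))))

def package_dhw(f1: bytes, k1: bytes, k2: bytes) -> bytes:
    """Steps 600-604: F2 = K1 || F1, then F2 encrypted under K2."""
    if len(k1) != K1_LEN:
        raise ValueError("K1 must be %d bytes" % K1_LEN)
    return encrypt(k2, k1 + f1)

class DSP:
    """The part of the DSP involved in a download: K3 gate on the HDCA, stored K1, flash."""

    def __init__(self, stored_k1: bytes, k3: bytes) -> None:
        self._k1, self._k3 = stored_k1, k3
        self.hdca: Optional[bytes] = None   # staging area for the package being authorized
        self.flash: Optional[bytes] = None  # the design that programs the FPGA

    def write_hdca(self, k3: bytes, blob: bytes) -> bool:
        """Step 606: K3 is the pass code that lets F2 be written to the HDCA."""
        if not hmac.compare_digest(k3, self._k3):
            return False
        self.hdca = blob
        return True

    def install(self, k1: bytes, f1: bytes) -> bool:
        """Steps 612-614: only a K1 matching the stored key programs the flash."""
        if not hmac.compare_digest(k1, self._k1):
            return False
        self.flash, self.hdca = f1, None
        return True

def deliver(dsp: DSP, blob: bytes, k2: bytes, k3: bytes) -> bool:
    """CPU side: stage the package (606), decrypt (608), split K1 off (610), hand to the DSP."""
    if not dsp.write_hdca(k3, blob):
        return False
    f2 = decrypt(k2, dsp.hdca)
    if f2 is None or len(f2) < K1_LEN:
        return False
    return dsp.install(f2[:K1_LEN], f2[K1_LEN:])

def demo() -> Dict[str, bool]:
    """Constructed keys: one package delivered to the DSP it was built for, to another DSP,
    with the wrong K3, and after a single ciphertext byte has been flipped."""
    k1, k2, k3 = bytes(range(16)), b"k2" * 16, b"k3" * 8
    f1 = b"fpga-bitstream-for-dsp-01"
    package = package_dhw(f1, k1, k2)
    tampered = package[:20] + bytes([package[20] ^ 1]) + package[21:]
    target, other = DSP(k1, k3), DSP(bytes(range(16, 32)), k3)
    return {"target": deliver(target, package, k2, k3) and target.flash == f1,
            "other_dsp": deliver(other, package, k2, k3),
            "wrong_k3": deliver(DSP(k1, b"wrong"), package, k2, k3),
            "tampered": deliver(DSP(k1, k3), tampered, k2, k3)}
```

As the text describes it, the K1 comparison is an equality check on a secret that is in the clear once F2 has been decrypted on the CPU side; it ties a package to one DSP, but anyone holding K1 and the K2 that step 608 hands to the end user can build an installable package. Where the download path is exposed, a signature verified by the DSP itself, rather than a shared secret, is the check to add.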

Abstract

The present invention relates to a method and system for preventing the unwanted alteration of data and programs stored within a computer system. The system employs a field programmable gate array to control access to a storage device. Different profiles can be accessed through the use of passwords. Different profiles provide different control parameters for access to the storage device. The gate array can be reprogrammed from time to time using downloadable electronic files. Security is achieved in the download by using keys and encryption techniques.

Description

METHOD AND SYSTEM FOR PREVENTING UNWANTED ALTERATIONS OF DATA AND PROGRAMS STORED IN A COMPUTER SYSTEM
Field of the Invention
The present invention relates generally to computer systems, and more specifically to a method and system for preventing the unwanted alteration of data and programs stored in a computer system.
Background of the Invention
It is well known that computer viruses pose a serious threat to the secure storage of computer data. The term computer virus generally relates to any software code which has been designed to enter a computer and perform an undesired function. Once this code has entered a computer, that computer is said to have been "infected" by the virus.
Computers are most often infected by viruses as a result of introducing software code which has virus code buried within it. This software is typically introduced via an input device such as a disk drive, or via a communication network such as the Internet. Once the software code containing the virus is executed, the virus is activated.
Upon being activated, a virus can perform a wide variety of functions. These functions can consist of relatively harmless functions such as posting an unwanted message on one's monitor or adding additional words to an existing document. These functions, however, can also be very serious and may include occupying all available memory or destroying data and programs stored on the computer or on the hard drive.
Various attempts have been made to try to limit and prevent the damage caused by computer viruses. The most common method of detecting and removing viruses is via anti-virus software packages. These anti-virus programs, known as virus scanners, detect viruses by searching for binary signatures (patterns of code) of known viruses. Upon detection of a virus the user is notified and the virus is removed. One limitation of virus scanning software is that the virus protection offered is reactive. That is to say, a virus can only be detected once the binary signature of a particular virus is known and added to the virus-scanning database. Thus, users are not offered any protection against newly created viruses.
A need exists, therefore, for an improved system for preventing the unwanted alteration of computer data and programs.
EXPLANATION OF TERMS:
DHW: Downloadable hardware. The design file that describes the hardware attributes.
DSP: Secure downloadable platform. The hardware where the DHW is loaded.
PKS : A password key system which consists of one or more of the following methods of limiting access to the DSP and/or the storage device protected by the DSP: a series of reads or writes to a series of locations in the storage device; the timing of these writes; challenge/response where the writes depend on the values read. It also includes using any one or more of the following methods: sharing secret knowledge; probabilistic challenges; multi-level passwords; and a one time pad. A feature of this method is that there are many pieces of secret information required to access a storage device.
PASS CODE: The string that the user sends to the application program, e.g. a password, whereas the PKS is the method that describes the interaction between the application programs and the DSP.
ONE TIME PAD: A sequence of secret numbers which the anti-virus application program uses to identify itself to the DSP.
RANGE: A sequence of blocks for which a particular access applies.
ACCESS: The manner of actions that can occur to the blocks specified in a range; these actions may be one or more of the following: ability to write the block; read the block; translate the read or write from one block to another; to cause an interrupt.
CONTROL SECTION: One or more blocks where instructions are passed from the CPU to the DSP.
Summary of the Invention
It is therefore an object of the invention to provide a method and system which obviates or mitigates at least one of the disadvantages described above.
One aspect of the invention is described as a method for preventing unwanted alterations of data and programs stored in a computer system comprising the steps of: obtaining a pass code; implementing a profile to prescribe the treatment of at least one command signal in response to the PKS obtained; monitoring data transferred between a CPU and a storage device for a command signal; and responding to at least one command signal based on the implemented profile.
Another aspect of the invention is defined as a system for preventing unwanted alterations of data and programs stored in a computer system comprising: a central processing unit (CPU); a secure platform circuit (DSP); a storage device; the DSP being operable to: obtain a pass code; implement a profile to prescribe the treatment of at least one command signal in response to the pass code obtained; monitor data transferred between the CPU and the storage device; respond to the at least one command signal based on the implemented profile.
Another aspect of the invention is defined as a secure computer platform for down-loadable hardware (DHW) comprising the steps of: monitoring for the reception of a DHW file; determining whether the DHW file is permitted to be installed in response to receiving the DHW file; installing the DHW file in response to determining that the DHW file is permitted to be installed.
Another aspect of the invention is defined as a system for providing a secure computer platform for down-loadable hardware comprising: a central processing unit (CPU); a secure platform circuit (DSP); the CPU being operable to: monitor for the reception of a DHW file; determine whether the DHW file is permitted to be installed in response to receiving the DHW file; the DSP being operable to: install the DHW file in response to determining that the DHW file is permitted to be installed.
The following features, methods and advantages are facilitated by the present invention:
Prevention of write and/or read to certain blocks of the device or system;
Control of access to storage devices by means of passwords;
Detection that the device or system has been "hacked";
Definition of user profiles to permit different levels of access to device (e.g. disk) or system;
Use of passwords to: (a) select profiles; (b) permit a series of "writes" to a series of locations in storage device; (c) timing of the "writes"; (d) "writing" challenges;
Providing passwords embedded in random sequences of bytes and checksumming the password;
Password challenges partially driven by the system and partially by the user;
Providing the concept of, and enabling, downloadable hardware;
Serialization of product within the downloadable hardware with an encrypted password in order to change configuration;
Providing a "one time pad" password security;
Making data invisible by prohibiting block reads to certain areas;
Making data invisible by returning data from a different block other than the one targeted; and
Interrupting computer system where access violation is detected.
Brief Description of the Drawings
These and other features of the invention will become more apparent from the following description in which reference is made to the appended drawings in which:
Figure 1 is a block diagram of a computer system as known in the prior art;
Figure 2 is a block diagram of a system for preventing unwanted alterations of data stored in a computer system in an embodiment of the invention;
Figure 3 is a flow chart of a method for preventing unwanted alterations of data stored in a computer system in an embodiment of the invention;
Figure 4 is a flow chart of a method for updating information stored in the protected area of a hard disk in a preferred embodiment of the invention;
Figure 5 is a flow chart of a method for providing a secure computer platform for downloadable hardware in an embodiment of the invention;
Figure 6 is a flow chart of a method for providing a secure computer platform for downloadable hardware in a preferred embodiment of the invention.
Detailed Description of the Invention
The present invention is directed to a method and system for preventing the unwanted alteration of data and programs stored in a computer system which substantially obviates one or more of the problems due to limitations and disadvantages of the related art.
The reason viruses can perform these unwanted functions is best understood with reference to Figure 1. That figure shows a computer system 100 as is well known in the prior art. In particular, Figure 1 shows various input 102, output 104, network communication 106 and storage 108 devices physically linked to a central processing unit (CPU) 110. The CPU 110 performs the various functions of the computer system as specified by various software applications. These functions include directing the operation of the various devices connected to the CPU. A virus, similar to any other software application, is merely a list of instructions which can be carried out by the CPU. Thus, if these instructions include deleting data stored on the computer's hard disk (a storage device), that function will be performed. This is because the instructions provided by a virus are indistinguishable, to the CPU, from those provided by legitimate software applications. Thus, if the CPU is unable to detect the existence of a virus, there is nothing to prevent its instructions from being effected.
A block diagram of an embodiment of the present system is shown in Figure 2. The system itself 200 includes a central processing unit (CPU) 202, a downloadable secure platform (DSP) 204 and a storage device 206. The DSP 204 includes circuitry capable of carrying out the method steps of the present invention. Said circuitry includes flash memory 208 and a field programmable gate array (FPGA) 210. An FPGA is a programmable logic chip which includes numerous arrays of logic block functions and logic gates. The FPGA is programmable to perform a variety of complex functions by modifying the manner in which said gates are interconnected. As will be apparent to one skilled in the art, the flash memory 208 is utilized to store information necessary for programming the FPGA. Upon the powering of the DSP, the flash memory 208 loads the FPGA 210 with the appropriate circuit design for implementing the methodology of the application, including the invention. In a preferred embodiment of the invention the storage device 206 included in the system is a hard disk drive. The present invention, however, is not limited to employing a hard disk drive and could include any means for storing data including: PDA (personal digital assistant); cell phones; biological storage; floppy disks, CD-ROMs or Zip disks, to name a few.
The present invention, however, is not limited to an FPGA and could also be implemented using an ASIC with some loss of capability.
A methodology for preventing unwanted alterations of data and programs stored in a computer system, in an embodiment of the invention, is shown in Figure 3. The methodology initiates at step 300 wherein a pass code is obtained from a variety of possible sources. For example, the pass code could be obtained by prompting an end user for a pass code via a software system installed on said end user's computer. The user may command an application program to transmit a PKS to the DSP. The DSP only accepts PKSs, not user pass codes. PKSs can be very complex. Similarly, a PKS could be obtained remotely from an end user or an additional computer linked to the CPU via a communication network.
The DSP can be configured to allow access to some parts of the storage device; therefore, no PKS need be received by the DSP unless a change in profile, or other change, is desired. A PKS is a sequence of bits which is sent to the DSP at step 302 by transferring a sequence of bytes (groups of binary data) from the CPU to the storage device. As will be explained below, the PKS is used for identifying the various command signals which a CPU may send to the storage device. This list of available command signals which may be sent by the CPU to the storage device is known as a profile. The CPU does not have to be aware that there is a DSP present. The CPU will access the storage device transparently as long as no access is made to a prohibited area. Upon receiving a pass code, the DSP then implements a profile to prescribe the treatment of command signals which can be passed to the storage device based on the PKS forwarded from the CPU 304. This is achieved by enabling the FPGA with a profile implementation associated with the PKS obtained. These various implementations, which are associated with the various PKS codes, are stored within the flash memory of the DSP or in the storage device.
The methodology continues at step 306 wherein the DSP monitors data being transferred between the CPU 202 and the storage device 206 for a command signal. A command signal can include any write or read signal directed to the storage device; write and read signals are directions to save data to, or retrieve data from, the storage device respectively.
Upon detecting the transfer of a command signal, the methodology continues at step 306 wherein the DSP responds to the command signal transferred based on the profile implemented within the DSP. In the event that the implemented profile allows for the command to be effected, the DSP responds by allowing the command signal to be passed to the storage device. That is to say, the DSP becomes transparent. If, on the other hand, the implemented profile does not allow for the desired command to be effected, the DSP can respond in a number of ways. First, the DSP can simply prevent the transfer of the command signal to the storage device. Additionally, the DSP can cause an interrupt to be sent back to the CPU to notify the end user, or other computers attached via a communication network, that the desired command is restricted. Alternatively, in the event of a write signal, the DSP could either deny access to the area, or translate the address ranges to which the write signal is directed to an unprotected area of the storage device. In the event of a read signal, the DSP could translate the address ranges to which the read signal is directed to an unprotected area of the storage device, or could deny it and cause an interrupt.
This methodology can protect against the unwanted alteration of computer data and programs, particularly as the result of computer viruses, in the following ways. First, as mentioned previously, the PKS serves the function of selecting a profile which determines the command signals a particular CPU will be allowed to send to its corresponding storage device. Thus, one can prevent the unwanted alteration of data stored in a computer system by limiting the various command signals which are forwarded to a computer's storage device. For example, by merely identifying a range of protected addresses and restricting write signals to these addresses, one can protect against the unwanted alteration of the data stored therein. This is because, as mentioned previously, a virus program operates by initiating a number of unwanted commands to a computer's storage device. If, therefore, a CPU's ability to initiate these commands is restricted, the command signals within a virus will be similarly restricted.
Taking this methodology one step further, it is seen that the PKS concept could also be utilized to minimize any damage caused by a virus where multiple persons or computers share a single storage device. This could be achieved by providing numerous users of a particular computer, or various computers on a network, with distinct pass codes, which implies distinct PKSs for the DSP. The different pass codes could then be used to restrict the user's or computer's access to particular commands and areas with respect to the storage device. The access any particular user would have to the storage device would be stored within the user's or computer's particular profile. Each user may have many profiles and many PKSs, which will be managed by an application program. For example, the range of addresses to which each end user or computer could write can be limited.
Additional levels of protection could also be achieved in the system by varying the means by which a pass code is obtained. For example, each attempt to enter a pass code or PKS could be monitored. Therefore, the number of pass code or PKS attempts could be limited to a prescribed value. Thus, snooping viruses, which attempt to bypass security systems by trying all permutations of a particular code, could be guarded against. As an additional level of security, the length of the pass code could be increased or the complexity of the PKS could be increased in the event a snooping virus is detected. This would increase the number of permutations and add an additional level of protection against said snooping viruses. Similarly, snooping viruses could be prevented by requiring the pass code to be entered within a particular time period. That is to say, one could incorporate a timer into the process of obtaining a pass code or PKS. Furthermore, a clock could be incorporated into the process of obtaining a pass code or PKS. Said clock would serve the purpose of limiting the validity of a pass code or PKS to certain time periods. For example, said clock could be used to limit the validity of a pass code or PKS to one particular time period (e.g. Jan 1, 2000) or to a recurring time period (e.g. working hours). Additionally, one could incorporate a secondary pass code. This secondary pass code would provide an end user, or computer on a network, with the ability to modify the pass code necessary to access their particular profile. The secondary pass code feature would be beneficial in that a pass code or PKS could be modified in the event of detecting a failed pass code attempt. Multiple passwords could also be used to enable the system. A challenge-response system is yet another alternative. A challenge-response system operating between the anti-virus application program and the DSP is one by which the program is challenged to return a value when given a number.
The challenge response cycle may be repeated a number of times for security. A "one time" pass code could be utilized. That is to say, a different pass code is required each time the circuitry is accessed.
As an additional feature, the circuitry could also be configured to "learn" the locations of programs to protect. This is useful when said system is employed in an operating system which does not know the actual locations of data stored on the computer's storage device. This is achieved by writing a start file marker and an end file marker to the beginning and end of the data which is being protected. Thus the hardware can be made aware of the range of the files to protect.
Referring to Figure 4, a method is provided for updating the information stored within a protected area of the computer's storage device. The method initiates at step 400 wherein the FPGA is implemented with a profile (P1) which allows one to read part of the contents of the storage device. At step 402 the profile is then changed to one that allows writing to a temporary area within the storage device (P2). A new file (e.g. a new software application), which is intended to be stored on the storage device, is then written to the temporary area on the storage device 404. A copy of the existing data to be overwritten is then written to the temporary area as well 406. The FPGA is then implemented with the original profile (P1) to ensure that the data copied to the temporary area is correct 408. Once the copied files have been confirmed, the FPGA is implemented with a third profile (P3) which allows one to overwrite files which have been recently copied to the temporary area 410. The new files are then copied to the protected area previously occupied by the files to be overwritten 412. The FPGA is then programmed with the original profile (P1) to ensure the files have been properly updated 414. Finally, the methodology terminates with the FPGA being programmed with P2 such that the old files can be deleted if necessary 416.
Although in the preferred embodiment of the invention these actions take place on a real time basis, it is noted that the invention is not limited in this manner. Rather, the changing of profiles could be delayed, from the action of writing files, such that a snooping virus could not detect that access to the protected area will soon follow. This prevents a snooping virus from writing to the storage device without being detected.
As an additional safeguard, one should note that the process of updating files could be performed by circuitry independent of the CPU. This would, therefore, prevent any snooping program from ever writing to the storage device, as said device would only be unprotected when the DSP is performing a copy. This is because the CPU would be prevented from accessing the storage device when the DSP is performing any copies to the storage device. Thus, the unwanted alteration of computer data, particularly those files which are permanent, could not result from a command of the CPU.
Referring now to Figure 5, a methodology for providing a secure platform for downloadable hardware (DHW) is shown in another embodiment of the present invention.
The methodology presented in Figure 5 initiates at step 500 wherein the CPU monitors various input or network communication devices for the reception of a DHW file. Upon receiving a DHW file, the CPU then determines whether the DHW file is permitted to be installed in the DSP 502. In a preferred embodiment of the invention this step of determining whether the DHW is permitted to be installed occurs by utilizing a series of keys and encryptions. An example of a key and encryption algorithm employed in a preferred embodiment of the invention is described below in further detail with respect to Figure 6. The methodology terminates at step 504, wherein the DHW file is installed in the DSP in response to determining that said DHW is permitted to be installed.
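As an added example that is not the patent's own code, the following Python model plays the DSP of Figure 3, selecting a profile by PKS (with the attempt limit described above) and classifying each read or write against the profile's ranges as pass, deny, translate or interrupt, and then drives the profile-switching update procedure of Figure 4 through that model. Block numbers, the PKS strings, the profile contents and the attempt limit are constructed assumptions.

```python
# Added example (not the patent's code). Block numbers, PKS strings,
# profile contents and the attempt limit are constructed assumptions.
from dataclasses import dataclass
from enum import Enum, auto


class Action(Enum):
    PASS = auto()       # DSP transparent: command reaches the storage device
    DENY = auto()       # command dropped without notice
    TRANSLATE = auto()  # command redirected to an unprotected block
    INTERRUPT = auto()  # command dropped and the CPU is interrupted


@dataclass(frozen=True)
class Range:
    """A sequence of blocks and the ACCESS the profile allows to them."""
    first: int
    last: int
    read: bool = True
    write: bool = False
    translate_to: int = None  # base block to redirect violations to
    interrupt: bool = False   # interrupt the CPU on a violation

    def covers(self, block):
        return self.first <= block <= self.last


class Dsp:
    def __init__(self, flash_profiles, max_attempts=3):
        self.flash = flash_profiles  # PKS -> list[Range], held in flash
        self.ranges = []             # ranges of the implemented profile
        self.failed = 0              # consecutive bad PKS attempts
        self.max_attempts = max_attempts
        self.interrupts = 0

    def receive_pks(self, pks):
        """Steps 302/304: a valid PKS selects the profile the FPGA implements."""
        if self.failed >= self.max_attempts:
            return False             # lock voided: no PKS accepted any more
        if pks not in self.flash:
            self.failed += 1
            return False
        self.failed = 0
        self.ranges = self.flash[pks]
        return True

    def decide(self, op, block):
        """Step 306: classify one read or write aimed at `block`."""
        for r in self.ranges:        # first matching range wins
            if not r.covers(block):
                continue
            if r.read if op == "read" else r.write:
                return Action.PASS, block
            if r.translate_to is not None:
                return Action.TRANSLATE, r.translate_to + (block - r.first)
            if r.interrupt:
                self.interrupts += 1
                return Action.INTERRUPT, None
            return Action.DENY, None
        return Action.PASS, block    # uncovered blocks are unrestricted

    def access(self, disk, op, block, data=None):
        action, target = self.decide(op, block)   # disk: dict block -> bytes
        if action not in (Action.PASS, Action.TRANSLATE):
            return action, None
        if op == "write":
            disk[target] = data
            return action, None
        return action, disk.get(target)


PROTECTED = (0, 9)      # blocks holding the files to protect
TEMP = (100, 109)       # temporary area used during updates
FLASH = {               # PKS -> profile; P1..P3 follow Figure 4
    "pks-p1": [Range(*PROTECTED, interrupt=True), Range(*TEMP)],
    "pks-p2": [Range(*PROTECTED, interrupt=True), Range(*TEMP, write=True)],
    "pks-p3": [Range(*PROTECTED, write=True), Range(*TEMP, write=True)],
    # guest profile: protected data made invisible by redirecting reads
    "pks-guest": [Range(*PROTECTED, read=False, translate_to=200)],
}


def switch(dsp, pks):
    if not dsp.receive_pks(pks):
        raise RuntimeError("profile change refused")


def update_protected(dsp, disk, block, new_data):
    """Figure 4: replace one protected block through the temporary area."""
    old_tmp, new_tmp = TEMP[0], TEMP[0] + 1
    switch(dsp, "pks-p1")                           # step 400
    _, old = dsp.access(disk, "read", block)
    switch(dsp, "pks-p2")                           # step 402
    dsp.access(disk, "write", new_tmp, new_data)    # step 404
    dsp.access(disk, "write", old_tmp, old)         # step 406
    switch(dsp, "pks-p1")                           # step 408
    if dsp.access(disk, "read", old_tmp)[1] != old:
        return False                                # copy not confirmed
    switch(dsp, "pks-p3")                           # step 410
    dsp.access(disk, "write", block, new_data)      # step 412
    switch(dsp, "pks-p1")                           # step 414
    ok = dsp.access(disk, "read", block)[1] == new_data
    switch(dsp, "pks-p2")                           # step 416
    dsp.access(disk, "write", old_tmp, b"")         # old copy deleted
    return ok
```

Under P1 a write into the protected range is dropped and counted as an interrupt, while the guest profile answers reads of the protected range from block 200 onwards, so the real data never leaves the disk.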
The benefit of this methodology is that it ensures that the only DHW files capable of being installed in one's DSP are those which are intended for that particular DSP. In the context of the present invention, i.e. providing virus protection, this methodology is beneficial in that it provides a secure means for updating the implementation stored in the DSP.
The PKS provides a method so that incorrect access to a particular lock within a predetermined number of attempts, and/or time, causes the current PKS to be voided and a new, longer identity string and a new, longer password assigned. This process is repeated as many times as is desired. This implies that the probability of breaking the lock gets worse with repeated trials, and at the same time the probability that the lock could be made un-openable goes down.
From time to time new implementations could be made available to end users. The new implementations could be provided by downloading said implementations via an input or communication network device. This methodology provides a secure platform for installing DHW as it prevents any unwanted DHW from being downloaded directly into the DSP by the CPU. Each DSP will have its own unique key and serial number.
A flow chart outlining the steps of the key and encryption algorithm utilized in a preferred embodiment of the present invention is shown in Figure 6. The methodology initiates at step 600 wherein a completed DHW file is made into an electronic file (F1). A key (K1) is then attached to the electronic file (F1) to create a new electronic file (F2) 602. A key is a secret password which includes a series of characters for restricting an end user's access to an electronic file. The first key (K1) serves the purpose of ensuring each (F2) is unique to the DSP it is targeted for. This prevents the wrong, or virus-contaminated, DHW from reaching the DSP. A second key (K2) is then utilized to encrypt the electronic file (F2) 604. As will be apparent to one skilled in the art of computer data encryption, said file could be encrypted using any number of encryption engines. Each DSP could have a different encryption engine. A third key (K3) is then employed by the DSP to allow the encrypted electronic file F2 to be transferred to a hard-disk protected configuration area (HDCA) via the DSP 606. The HDCA is a temporary storage area within the storage device utilized for the purpose of storing the DHW file while it is being authorized. This third key (K3) is merely a pass code, utilized by the DSP, allowing F2 to be written to the HDCA. The encrypted electronic file is then decrypted using the second key (K2) 608. This key would have to be provided to an end user to decrypt the encrypted electronic file (F2). After the file (F2) is decrypted, the first key (K1) is extracted from the file, leaving only the original electronic file (F1) 610. The first key (K1) is then compared to a key stored with the particular DSP circuitry 612. If the key supplied with the electronic file (F1) matches that stored within the DSP circuitry, the file (F1) is installed in the DSP 614.
This occurs by the DSP retrieving the decrypted file (F1) from the HDCA and installing said file (F1) into the flash memory 208. As mentioned previously, the flash memory would then program the FPGA with the new implementation as specified in the electronic file (F1).
One should note that the key referred to in the preferred embodiment is not limited to a single password including a series of characters for enabling a user to access the electronic file. Said key could also include a series of transactions wherein various bits (as opposed to bytes) are sent to the DSP from the CPU on a periodic basis.
In the preferred embodiment of the invention the above methodology is used for the purpose of updating DHW for virus protection. One can readily see, however, that said methodology could be easily adapted to provide a secure platform for downloading any DHW.
The preferred embodiment of the hardware of the invention is to build the DSP in the disk storage device circuit board or disk storage assembly.
It will be apparent to those skilled in the art that various modifications and variations can be made in the implementation of the present invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.

Claims

WHAT IS CLAIMED IS:
1. A method for preventing the unwanted alteration of data and programs stored in a computer system comprising the steps of:
Obtaining a pass code;
Implementing a profile to prescribe the treatment of at least one command signal in response to said code obtained;
Monitoring data transferred between a CPU and a storage device for said at least one command signal;
Responding to said at least one command signal based on said implemented profile.
2. A system for preventing the unwanted alteration of data and programs stored in a computer system comprising:
A central processing unit (CPU);
A secure platform circuit (DSP);
A storage device;
Said CPU being operable to:
Obtain a pass code;
Said DSP being operable to:
Implement a profile to prescribe the treatment of at least one command signal in response to said pass code obtained;
Monitor data transferred between said CPU and said storage device;
Respond to said at least one command signal based on said implemented profile.
3. A method for providing a secure computer platform for down-loadable hardware designs (DHW) comprising the steps of:
Monitoring for the reception of a DHW file;
Determining whether said DHW file is permitted to be installed in response to receiving said DHW file;
Installing said DHW file in response to determining that said DHW file is permitted to be installed.
4. A system for providing a secure computer platform for down-loadable hardware (DHW) comprising:
A central processing unit (CPU);
A secure platform circuit (DSP);
Said CPU being operable to:
Monitor for the reception of a DHW file;
Determine whether said DHW file is permitted to be installed in response to receiving said DHW file;
Said DSP being operable to:
Install said DHW file in response to determining that said DHW file is permitted to be installed.
PCT/CA2001/001239 2000-09-01 2001-08-31 Method and system for preventing unwanted alterations of data and programs stored in a computer system WO2002019064A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001287444A AU2001287444A1 (en) 2000-09-01 2001-08-31 Method and system for preventing unwanted alterations of data and programs stored in a computer system
CA002420889A CA2420889A1 (en) 2000-09-01 2001-08-31 Method and system for preventing unwanted alterations of data and programs stored in a computer system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US22985900P 2000-09-01 2000-09-01
US60/229,859 2000-09-01

Publications (2)

Publication Number Publication Date
WO2002019064A2 true WO2002019064A2 (en) 2002-03-07
WO2002019064A3 WO2002019064A3 (en) 2003-04-24

Family

ID=22862948

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2001/001239 WO2002019064A2 (en) 2000-09-01 2001-08-31 Method and system for preventing unwanted alterations of data and programs stored in a computer system

Country Status (3)

Country Link
AU (1) AU2001287444A1 (en)
CA (1) CA2420889A1 (en)
WO (1) WO2002019064A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005086005A1 (en) * 2004-03-05 2005-09-15 Secure Systems Limited Partition access control system and method for controlling partition access
WO2015092817A1 (en) * 2013-12-20 2015-06-25 Cyient Limited A system and method for securing an industrial control system
US9237171B2 (en) 2011-08-17 2016-01-12 Mcafee, Inc. System and method for indirect interface monitoring and plumb-lining
US9483645B2 (en) * 2008-03-05 2016-11-01 Mcafee, Inc. System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586301A (en) * 1994-11-09 1996-12-17 Ybm Technologies, Inc. Personal computer hard disk protection system
EP0851358A2 (en) * 1996-12-31 1998-07-01 Sun Microsystems, Inc. Processing system security
WO1999021094A2 (en) * 1997-10-20 1999-04-29 Quickflex, Inc. Reconfigurable secure hardware apparatus and method of operation
EP0945775A2 (en) * 1998-03-16 1999-09-29 Fujitsu Limited Storing apparatus and password control method
EP0949556A2 (en) * 1998-04-08 1999-10-13 Fujitsu Limited Access control method, storage apparatus and storage medium
WO1999056428A1 (en) * 1998-04-27 1999-11-04 Motorola Inc. Apparatus and method of reading a program into a processor

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005086005A1 (en) * 2004-03-05 2005-09-15 Secure Systems Limited Partition access control system and method for controlling partition access
US8397026B2 (en) 2004-03-05 2013-03-12 Secure Systems Limited Partition access control system and method for controlling partition access
US9483645B2 (en) * 2008-03-05 2016-11-01 Mcafee, Inc. System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code
US9237171B2 (en) 2011-08-17 2016-01-12 Mcafee, Inc. System and method for indirect interface monitoring and plumb-lining
WO2015092817A1 (en) * 2013-12-20 2015-06-25 Cyient Limited A system and method for securing an industrial control system
KR20160138374A (en) * 2013-12-20 2016-12-05 웨스팅하우스 일렉트릭 컴퍼니 엘엘씨 A system and method for securing an industrial control system
CN106462137A (en) * 2013-12-20 2017-02-22 西屋电气有限责任公司 A system and method for securing an industrial control system
KR102251600B1 (en) * 2013-12-20 2021-05-12 웨스팅하우스 일렉트릭 컴퍼니 엘엘씨 A system and method for securing an industrial control system

Also Published As

Publication number Publication date
WO2002019064A3 (en) 2003-04-24
CA2420889A1 (en) 2002-03-07
AU2001287444A1 (en) 2002-03-13

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2420889

Country of ref document: CA

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP