WO1993013477A1 - Protection device for computer - Google Patents

Publication number
WO1993013477A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
disk
executable file
command
access
Prior art date
Application number
PCT/US1992/011374
Other languages
English (en)
Inventor
Shmuel Y. Kedmi
Eliahu Dror Lenger
Original Assignee
Onyx Technologies (Usa) Inc.
Priority date
Filing date
Publication date
Application filed by Onyx Technologies (Usa) Inc.

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567 Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware

Definitions

  • The present invention relates generally to hardware and software for protecting data stored on a computer.
  • Computer viruses are computer programs which, without the knowledge of a user, enter a computer and execute.
  • The programs often wreak havoc with the proper operation of the computer and can also alter stored data.
  • A computer virus program enters a computer as an unknown add-on to an executable program.
  • The virus program is also executed, without the knowledge of the user.
  • The virus program typically ensures that it will be executed again, whether or not the user again executes the desired executable program. It does this, for example, by copying itself into a new executable file and/or becoming a Terminate and Stay Resident (TSR) program, a program which is always available.
  • The interrupt vector is a coded list of addresses to be referenced whenever an interrupt code is received. Some typical interrupt codes relate to the pressing of a key on the keyboard and the movement of a mouse.
  • The addresses in the interrupt vector are the first addresses in memory where operations to be executed upon receipt of the appropriate code are stored.
  • A virus might alter or "redefine" the addresses of the interrupt vector such that the new addresses stored point to addresses in memory where the virus has stored its own operations to be executed when an interrupt code is received.
  • The virus operations include the operation the user expects to see as well as other, undesired operations. Thus, for example, if the user causes a keypress interrupt, the typed key will be displayed, as normally occurs, and, in addition, the operations of the virus will be performed.
  • Anti-virus programs are well known in the art. They are developed by analyzing the operation of a particular virus program or family of virus programs, much as an anti-viral drug is produced once the operating mode of a human virus or group of viruses is understood. Thus, for each known virus program or group of programs, there is an anti-virus program.
  • Some anti-virus programs just identify that a virus exists on a user's machine. Others remove the virus upon discovering it.
  • One method of identifying a virus is to check for any strange operational behavior, such as unexplained changes in the size of files, in the format of data, or in the interrupt vector.
  • Another method is by identifying that there is a known string of bytes known to be a virus.
  • Anti-Virus Program manufactured by Iris Software and Computers of Givatayim, Israel.
  • The Anti-Virus Program appears not to allow virus programs to install themselves on a hard disk of a computer and it does this by continuously checking the memory of the computer during operation.
  • The present invention operates without any knowledge of the characteristics of any virus programs.
  • Apparatus for protecting access to at least one selected area of a disk includes apparatus for defining the selected area of the disk, apparatus for determining that a disk access command has issued for at least a portion of the selected area and apparatus for disabling the disk access command.
  • Apparatus for protecting data stored on a disk of a computer.
  • The apparatus includes apparatus for determining when the computer issues one of a predetermined set of commands and apparatus, responsive to the issued command, for selectively interfering with the normal operation of the computer.
  • Apparatus for protecting the operation of a computer having active memory includes apparatus for defining that at least one executable file is clean, apparatus for determining when the computer is commanded to load a first executable file into the active memory, apparatus for storing an interrupt vector from a previously loaded executable file if the first executable file is not clean and for enabling the first executable file to load and to execute, and apparatus for restoring the stored interrupt vector once the first executable file finishes executing.
  • The disk access command is a selected one of write, read or format command.
  • The predetermined set of commands includes write, read, format and load commands.
  • The apparatus includes apparatus for identifying a user and a classification level of the user.
  • The apparatus also includes apparatus for classifying access levels for data stored in the at least one selected area.
  • The apparatus for disabling includes apparatus for authorizing performance of the disk access command if the apparatus for identifying a user indicates that the user has a classification level equivalent to or larger than the access level for data to be accessed.
  • The apparatus includes apparatus for defining accompanying files to be opened when the first executable file is loaded and apparatus for closing the accompanying files if another executable file is commanded to be loaded.
  • The disk forms part of a computer and the apparatus for disabling or the apparatus for selectively interfering include a stop and hold command to the computer.
  • The apparatus for disabling or the apparatus for selectively interfering include a non-maskable interrupt to the computer.
  • A further alternative for the apparatus for disabling or the apparatus for selectively interfering is an analog switch.
  • Apparatus for protecting at least one selected area of a disk of a computer from undesired access operations including a disk controller and a bus.
  • The apparatus includes apparatus connected in parallel to the bus for determining that an undesired access command to a portion of the selected area of the disk has issued and apparatus for disabling the undesired access command.
  • A computer network including a multiplicity of computer workstations each usable by one user at one time and each having a workstation storage medium, a file server for storing files accessible by each of the computer workstations, the file server having a server storage medium, workstation protection apparatus for protecting access to at least one selected area of the workstation storage medium and server protection apparatus for protecting access to at least one selected area of the server storage medium.
  • The server protection apparatus communicates with each of the workstation protection apparatus to provide information regarding the selected area of the server storage medium.
  • The server protection apparatus and the workstation protection apparatus include apparatus for defining the at least one selected areas of the storage media, apparatus for determining that a disk access command has issued for at least a portion of the selected areas and apparatus for disabling the disk access command.
  • The server protection apparatus and the workstation protection apparatus include apparatus for determining when the computer issues one of a predetermined set of commands and apparatus, responsive to the issued command, for selectively interfering with the normal operation of the computer.
  • The workstations and the file server have active memories.
  • The server protection apparatus and the workstation protection apparatus include apparatus for defining that at least one executable file is clean, apparatus for determining when the computer is commanded to load a first executable file into the active memory of one of the workstations, apparatus for storing an interrupt vector from a previously loaded executable file if the first executable file is not clean and for enabling the first executable file to load and to execute, and apparatus for restoring the stored interrupt vector once the first executable file finishes executing.
  • Fig. 1 is a general block diagram illustration of interaction of apparatus for data protection constructed and operative in accordance with the present invention with a computer;
  • Fig. 2 is a block diagram illustration of the elements of the apparatus for protection of Fig. 1;
  • Fig. 3 is a more detailed block diagram illustration of the interaction shown in Fig. 1;
  • Fig. 4 is a flow chart illustration of the overall operations of the apparatus of the present invention.
  • Fig. 5 is a flow chart illustration of the operation of identifying a load command, useful in the operations of Fig. 4;
  • Fig. 6 is a flow chart illustration of the operation of identifying the file name, useful in the operations of Fig. 4;
  • Fig. 7 is a flow chart illustration of the operation of saving an interrupt vector, useful in the operations of Fig. 4;
  • Fig. 8 is a flow chart illustration of the operation of restoring an interrupt vector, useful in the operations of Fig. 4;
  • Fig. 9 is a flow chart illustration of changing parameters of operation of the apparatus of Fig. 1, useful in the operations of Fig. 4;
  • Fig. 10 is a flow chart illustration of the operations of disabling the operation of the computer, useful in the operations of Fig. 4;
  • Fig. 11 is a flow chart illustration of installation operations, useful in the operations of Fig. 4.
  • Fig. 12 is a block diagram illustration of a plurality of the apparatus of Fig. 2 connected together in a network.
  • Fig. 1 illustrates, in block diagram format, the operation of a protection device 10 of the present invention when operating to protect a computer 12 against the operation of a virus.
  • The computer 12 is typically a personal computer and comprises a Central Processing Unit (CPU) 14 having a low frequency clock 15, such as an 80286 CPU manufactured by Intel of the U.S.A. with a 6 MHz clock, a Random Access Memory (RAM) 16, a disk 18 and a disk controller 20, such as the 82064 controller also manufactured by Intel.
  • The disk 18 can be a hard disk or a floppy disk.
  • The elements of the personal computer come in a housing which is large enough to hold other elements, such as a modem.
  • Computer 12 typically operates under an operating system, such as the Disk Operating System (DOS) 22 of Microsoft Inc. of the USA.
  • DOS stores information regarding each file on the disk 18 in a File Allocation Table (FAT) 24.
  • The FAT 24 typically includes a list, per file, of the portions of the disk 18, known as sectors, which are allocated to each file.
  • The protection device 10 is typically located within the housing of the computer 12 and typically communicates with the computer 12 via a bus 26 of computer 12.
  • Bus 26 can be any suitable bus, such as the Industrial Standard Architecture (ISA) AT bus.
  • Protection device 10 is operative to protect the computer 12 from unauthorized memory access, such as accessing the disk 18, and from the effects of redefinition of the interrupt vector.
  • The user defines, through protection device 10, a protected area 30 on disk 18.
  • The protection device 10 stores within itself a listing of the locations, or sectors, of the disk 18 which are within protected area 30. This listing is known as the protected area FAT 32.
  • The user will store within the protected area 30 those files most important to him, such as those relating to his operating system, his most commonly used executable files and any data which he desires not to be damaged.
  • The user will place in the protected area 30 only those files which he knows are clean, or have no viruses attached to them.
  • When protection device 10 detects a disk access command, either a write, read or format disk command, which addresses a section of the protected area 30, protection device 10 will only enable the disk access if an authorized user authorizes it.
  • The protection device 10 monitors the commands of the CPU 14 for a load command in which an executable file, such as a program or a virus, is loaded into RAM 16.
  • The interrupt vector of the previously loaded file, assuming it was a file known to be clean, is saved before loading the new executable file.
  • The protection device 10 retrieves the saved interrupt vector. In this manner, the changed interrupt vector will be active only as long as the present executable file is executing.
  • Data files which are typically opened when a given executable file is executing can be indicated as such.
  • These "accompanying data files" are then opened upon loading of the executable file and are closed when the executable file ceases operating. Specifically, if an executable file is commanded to be loaded while the accompanying data files of a previously loaded executable file are still open, the protection unit 10 closes the accompanying data files before allowing the newly commanded executable file to load.
  • Protection device 10 typically comprises a manager 40 for managing the operations of protection device 10, a protected area definition unit 42 for defining protected area 30 and for identifying the files which are to be placed in protected area 30, and a command recognition unit 44 for recognizing when one of a predetermined set of commands is produced by the computer 12.
  • The manager 40 provides installation operations, and classification and identification of system users.
  • Users can be classified by the level of access to the protected files in the protected area 30 permitted them. For instance, it may be desired to define two access levels, one of "system operator" and one of a "regular operator".
  • The system operator is allowed to access system files, such as files pertaining to the operating system, and application files.
  • The regular operator is allowed to access only application files.
  • Users are provided with user names and external means for identification 46, such as passwords, special codes or magnetic cards, such as credit cards.
  • The means for identification 46 are provided to an identification unit 48, such as a keyboard of computer 12 for receiving passwords and such as a magnetic card reader, such as those produced by Neuron Corporation of Tokyo, Japan, for receiving magnetic cards.
  • The identification unit 48 compares the identification received to that expected for the specific user and notifies the manager 40 whether or not there is a match. Without a match, the user cannot access the files in the protected area 30. With a match, the user can access the files permitted for his access level.
  • Protected area definition unit 42 enables the selected files to be defined as protected.
  • The definition operation is performed as follows:
  • The protected area definition unit 42 requires that CPU 14 provide it with a copy of FAT 24. Unit 42 then searches FAT 24 for the sector or sectors on disk 18 in which the selected files are stored. These addresses are then stored in protected FAT 32 which, in turn, is stored in an Electronically Erasable Programmable Read Only Memory (EEPROM) 68, shown in Fig. 3 and described in more detail hereinbelow.
  • The protected area definition unit 42 enables the user to define which files are to be protected and to provide classification levels for them. For the example hereinabove, the system files will have a level of "system operator only" and the application files will have a level of "everyone allowed".
  • Unit 42 also enables the user to indicate which executable files are known to be clean, or free of viruses.
  • The protected FAT 32 also contains classification level information and cleanliness status information for each file protected.
  • The command recognition unit 44 monitors bus 26 for commands, comparing every received command with the predetermined set of commands.
  • The predetermined set typically comprises any read, write or loading commands. These also include formatting commands which effectively rewrite the entire disk 18.
  • The command recognition unit 44 determines if it is a load command. If so, unit 44 provides control to an interrupt vector protection unit 50. If not, indicating that a disk access operation is about to take place, unit 44 provides control to an address recognition unit 52.
  • Address recognition unit 52 compares the address associated with the command to the sector addresses stored in the protected FAT 32 and checks the classification level for the addressed sector. If there is a match, indicating that the computer 12 is attempting to access protected area 30, unit 52 issues a stop command to a disk access protection unit 54 to disable the access attempt. Unit 52 then requests that the user provide authorization for the access of area 30. The user then has to provide its identification means 46 to identification unit 48.
  • The user is thus notified as soon as a virus program attempts to write to the disk or an unauthorized user tries to access the area 30. If the user wishes to reenable disk access, he typically has to restart, or "reboot", the computer 12.
  • The command recognition unit 44 identifies a load command by identifying that a command to write to a predetermined address in RAM 16 has been issued.
  • The predetermined address is the address into which the first address of the executable file to be loaded is stored.
  • The interrupt vector protection unit 50 first disables access to any accompanying data files of the previously loaded executable file, herein called the "first" executable file. Unit 50 then identifies the executable file about to be loaded, henceforth called the "second" executable file, by comparing the addresses of the second executable file with those stored in the protected FAT 32.
  • Unit 50 stops the operation of CPU 14, reads the current interrupt vector which belongs to the previous executable file and stores the interrupt vector in EEPROM 68 (Fig. 3).
  • The CPU 14 is then released and control of the protection unit 10 is returned to the command recognition unit 44 and the second executable file is allowed to execute.
  • When a new executable file, herein called the "third" executable file, is loaded after a second executable file which was not clean, the interrupt vector protection unit 50 replaces the interrupt vector of the second executable file, which may have been defined to address undesirable operations, with the interrupt vector of the first executable file.
  • The replacement operation includes the steps of stopping CPU 14, writing the stored interrupt vector into the interrupt vector storage addresses in RAM 16, and releasing CPU 14.
  • After replacing the interrupt vector, unit 50 checks that the third executable file is clean. If not, then unit 50 saves the interrupt vector, which is now that of the first executable file. Unit 50 then proceeds as described hereinabove.
  • Fig. 3 illustrates, in block diagram format, the hardware elements of the present invention.
  • Protection device 10 typically comprises a microprocessor 60 with a high frequency clock 62, such as the 80386DX microprocessor manufactured by Intel of the USA with a 33 MHz clock, working in conjunction with a RAM 64.
  • Microprocessor 60 typically is associated with at least one input/output port 66 which is connected to bus 26.
  • Microprocessor 60 is further associated with Electronically Erasable Programmable Read Only Memory (EEPROM) 68 for storing the predetermined set of commands, protected FAT 32, interrupt vectors, passwords and user names.
  • Microprocessor 60, in conjunction with RAM 64, typically implements the manager 40, the protected area definition unit 42, the command recognition unit 44, the interrupt vector protection unit 50 and the address recognition unit 52.
  • The disk access protection unit 54 can be embodied in a number of ways.
  • Unit 54 can be embodied as a hold and a stop command.
  • The hold command is transmitted, via bus 26, to the CPU 14 which causes the CPU 14 to stop its operation.
  • The stop command is sent, also via bus 26, to disk controller 20 to stop its operation.
  • This embodiment is operative for those disk controllers, such as the 82064 mentioned hereinabove, which can respond to a stop command.
  • Unit 54 can be embodied as an analog switch, such as the SN74ALS1244 manufactured by Texas Instruments of U.S.A., or as a mechanical relay. The switch or relay is connected to the power cable (not shown) of disk 18 and, when activated, disconnects the power to disk 18.
  • Unit 54 can be embodied as a non-maskable interrupt which is sent directly to CPU 14.
  • The interrupt causes the CPU 14 to execute a routine stored therein which cancels the access command and/or reboots the system.
  • Microprocessor 60 can provide a notice to CPU 14 that will indicate, upon rebooting, that the cause of the stopping of the computer 12 was a virus or unauthorized access and not something else.
  • Unit 54 can include a combination of the above-described disabling methods and mechanisms.
  • Command recognition unit 44, address recognition unit 52 and disk access protection unit 54 are fast enough to finish performing in one clock cycle of computer 12.
  • The protection device 10 of the present invention ensures that a virus which tries to access protected area 30 generally will have no effect.
  • The protection device 10 discovers the virus as soon as it attempts to access the data in the protected area 30, thereby indicating to the user which file or program is affected by the virus. Additionally, any changes to the interrupt vector created by the virus are effective only during the operating time of the virus.
  • The device 10 is a hardware device that operates in parallel to computer 12 and is not operated by computer 12, thus making it difficult for a virus to overcome the operation of the device. Furthermore, the device 10 operates generally without any knowledge of the characteristics of virus programs.
  • Protection device 10 does not add a significant amount of time to the operation of computer 12 since the microprocessor 60 operates in parallel to bus 26.
  • The method of identifying unauthorized access described hereinabove can be applied to any suitable computer.
  • Figs. 4 - 11 illustrate the operations of the protection device 10.
  • The operations of Figs. 4 - 11 are typically performed in software stored in the EEPROM 68 of protection device 10.
  • The figures are believed to be self-explanatory and therefore, in the interest of conciseness, they will not be described in great detail.
  • Fig. 4 describes the overall operations of the protection device 10
  • Fig. 5 describes the operation of identifying a load command
  • Fig. 6 describes the operation of identifying the name of a loaded executable file
  • Fig. 7 describes the operation of saving an interrupt vector
  • Fig. 8 describes the operation of restoring an interrupt vector
  • Fig. 9 describes an update program for changing parameters of operation of the protection device 10, where typical parameters are the files which are in the protected area 30, the access levels of users, the classification levels of the protected files, and the clean status of each file;
  • Fig. 10 describes the operations of disabling the operation of the computer
  • Fig. 11 describes installation operations. It will be noted that the update program illustrated in Fig. 9 is typically performed by software stored in the protected area 30 and loaded into RAM 16. The interface between the user and the software is through computer 12.
  • The program of Fig. 9 enables and disables access to accompanying files. Enabling is performed by modifying the protected FAT 32 to include the accompanying files. Disabling is performed by modifying the protected FAT 32 to no longer include the accompanying files.
  • The installation program whose operations are illustrated in Fig. 11 serves to identify the type of CPU 14, the peripheral apparatus attached to computer 12 and the version of the operating system under which everything operates. Furthermore, the program uses the update program of Fig. 9 in order to define the parameters of operation.
  • Fig. 12 illustrates a plurality of computers connected together via a network 100
  • a multiplicity of workstations 102 which save their files onto a file server 104.
  • Protection devices are installed in each of workstations 102 and the file server 104.
  • The protection devices on workstation 102 are labeled 106 and the protection device on the file server is labeled 108.
  • The protection devices 106 and 108 operate generally as described hereinabove with the following exceptions:
  • The protection device 108 maintains a network-wide protected FAT 32 describing the status of the files stored on the file server 104.
  • its protection device 106 checks the date of the protected FAT 32 of protection device 108. If the date is later than the date on the protected FAT 32 of the protection device 106 of the workstation 102, the protection device 106 receives from protection device 108 a copy of its protected FAT 32.
  • The protection devices 106 and 108 additionally comprise time clocks (not shown) which operate independently of the time clocks of the workstations.
  • The protection devices 106 monitor the time clock of the workstations 102 to ensure that the workstation time matches the protection device time and to update the workstation time if it does not match the protection device time.
  • The protection device 108 monitors the time of the file server 104.
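
The decision logic that the description assigns to address recognition unit 52 and interrupt vector protection unit 50 can be modelled in software. The following C sketch is an added example, not code from the patent: every identifier, the 256-entry vector table, the sample sector ranges and handler values are constructed, and it assumes that a file not listed in the protected FAT 32 is treated as not clean.

```c
/* Added illustration: a software model of the checks described for units 50 and 52.
 * All names and sample data are constructed; nothing here is taken from the patent. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IVT_ENTRIES  256   /* assumption: real-mode x86 interrupt table size */
#define KEYBOARD_VEC 9     /* assumption: slot used for the keypress example */

enum level { REGULAR_OPERATOR = 0, SYSTEM_OPERATOR = 1 };

/* One row of the protected FAT 32: sectors, access level, clean status. */
struct prot_entry {
    uint32_t first, last;  /* inclusive sector range occupied by the file */
    enum level required;   /* classification level needed to access it */
    bool clean;            /* executable marked clean by the user */
};

struct device {
    const struct prot_entry *fat;
    size_t n;
    uint32_t saved_ivt[IVT_ENTRIES];  /* copy held in the device's EEPROM 68 */
    bool have_saved;
};

/* Constructed sample contents of the protected FAT. */
static const struct prot_entry SAMPLE_FAT[] = {
    {  10,  49, SYSTEM_OPERATOR,  true },  /* operating system files */
    { 100, 149, REGULAR_OPERATOR, true },  /* a trusted application */
};
static struct device SAMPLE_DEV = { SAMPLE_FAT, 2, {0}, false };

static const struct prot_entry *lookup(const struct device *d, uint32_t sector)
{
    for (size_t i = 0; i < d->n; i++)
        if (sector >= d->fat[i].first && sector <= d->fat[i].last)
            return &d->fat[i];
    return NULL;           /* sector lies outside protected area 30 */
}

/* Address recognition (unit 52): true lets the disk command through, false
 * means unit 54 must disable it. 'identified' is the outcome of unit 48. */
bool disk_access_allowed(const struct device *d, uint32_t sector,
                         bool identified, enum level user)
{
    const struct prot_entry *e = lookup(d, sector);
    if (e == NULL)
        return true;
    return identified && user >= e->required;
}

/* Interrupt vector protection (unit 50), invoked on every load command. */
void on_load(struct device *d, uint32_t ivt[IVT_ENTRIES], uint32_t file_sector)
{
    const struct prot_entry *e = lookup(d, file_sector);
    bool clean = e != NULL && e->clean;  /* assumption: unlisted = not clean */

    if (d->have_saved) {   /* previous file was not clean: undo its changes */
        memcpy(ivt, d->saved_ivt, sizeof d->saved_ivt);
        d->have_saved = false;
    }
    if (!clean) {          /* keep the known-good vector before the file runs */
        memcpy(d->saved_ivt, ivt, sizeof d->saved_ivt);
        d->have_saved = true;
    }
}

/* Scenario: clean file, then two unlisted files that each redefine the
 * keyboard vector, then a clean file again. Returns the final vector. */
uint32_t keyboard_vector_after_untrusted_chain(void)
{
    struct device d = SAMPLE_DEV;
    uint32_t ivt[IVT_ENTRIES] = {0};
    ivt[KEYBOARD_VEC] = 0xF000E987u;   /* constructed original handler */

    on_load(&d, ivt, 100);             /* "first" file: clean */
    on_load(&d, ivt, 900);             /* "second" file: not listed */
    ivt[KEYBOARD_VEC] = 0x4000BAD0u;   /* second file redefines the vector */
    on_load(&d, ivt, 901);             /* "third" file: also not listed */
    ivt[KEYBOARD_VEC] = 0x5000BAD0u;   /* third file redefines it again */
    on_load(&d, ivt, 100);             /* clean file: vector is restored */
    return ivt[KEYBOARD_VEC];
}

int main(void)
{
    printf("unidentified write to sector 20 allowed: %d\n",
           disk_access_allowed(&SAMPLE_DEV, 20, false, SYSTEM_OPERATOR));
    printf("keyboard vector after chain: 0x%08X\n",
           (unsigned)keyboard_vector_after_untrusted_chain());
    return 0;
}
```

The scenario shows why the vector is saved again after each restore: when two not-clean files load back to back, the copy kept by the device is still the one left by the last clean file.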

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

An apparatus (10) for protecting access to at least one area of a disk comprises an identification unit (48), a manager (40), a protected area definition unit (42), a command recognition unit (44), an interrupt vector protection unit (50), an address recognition unit (52), a protected file allocation table (32) and a disk access protection unit (54). These components work together to define a protected file allocation table (32) held in an electrically erasable programmable read-only memory. The file allocation table (32) stores the interrupt vectors of executable files, operating system files and other files commonly attacked by viruses. Before a command is executed, the interrupt vectors associated with that command are compared with the interrupt vectors stored in the protected file allocation table (32). If the interrupt vectors are identical, the command is executed. If they are not, the executable file may have been altered, so the command is not executed.
PCT/US1992/011374 1991-12-23 1992-12-23 Protection device for computer WO1993013477A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US81273391A 1991-12-23 1991-12-23
US07/812,733 1991-12-23

Publications (1)

Publication Number Publication Date
WO1993013477A1 true WO1993013477A1 (fr) 1993-07-08

Family

ID=25210463

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1992/011374 WO1993013477A1 (fr) 1991-12-23 1992-12-23 Protection device for computer

Country Status (1)

Country Link
WO (1) WO1993013477A1 (fr)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19635204A1 (de) * 1995-09-01 1997-05-15 Nat Semiconductor Corp Exception security circuit
US6092161A (en) * 1996-03-13 2000-07-18 Arendee Limited Method and apparatus for controlling access to and corruption of information in a computer
WO2000065415A3 (fr) * 1999-04-22 2001-11-15 Dow Chemical Co Process control system with integrated safety control unit
CN1107263C (zh) * 1995-01-24 2003-04-30 西南石油学院 A computer virus prevention and treatment technique and hardware
CN1108565C (zh) * 1995-02-17 2003-05-14 罗建平 Method for hardening computer hard disk files
CN1109300C (zh) * 1997-07-31 2003-05-21 周恽 Method and device for transparent protection of computer hard disk storage content
WO2002027445A3 (fr) * 2000-09-29 2003-06-19 Steven Bress Write protection for computer long-term memory devices
WO2006059335A1 (fr) * 2004-12-03 2006-06-08 Tedea Technological Dev And Au Method and system for securing data stored in a storage device
WO2007078648A1 (fr) * 2005-12-19 2007-07-12 Intel Corporation Storage device access control mechanism
US8090904B2 (en) 2008-02-01 2012-01-03 Cru Acquisition Group, Llc Reduced hard-drive-capacity detection device
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4757533A (en) * 1985-09-11 1988-07-12 Computer Security Corporation Security system for microcomputers
US5012514A (en) * 1990-06-26 1991-04-30 Paul Renton Hard drive security system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4757533A (en) * 1985-09-11 1988-07-12 Computer Security Corporation Security system for microcomputers
US5012514A (en) * 1990-06-26 1991-04-30 Paul Renton Hard drive security system

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1107263C (zh) * 1995-01-24 2003-04-30 西南石油学院 A computer virus prevention and control technique and hardware
CN1108565C (zh) * 1995-02-17 2003-05-14 罗建平 Computer hard disk file solidification method
DE19635204A1 (de) * 1995-09-01 1997-05-15 Nat Semiconductor Corp Exception security circuit
US6092161A (en) * 1996-03-13 2000-07-18 Arendee Limited Method and apparatus for controlling access to and corruption of information in a computer
US6684309B2 (en) 1996-03-13 2004-01-27 Arendee Limited Method for controlling access to data by redirecting modifications of the data
US6526488B1 (en) 1996-03-13 2003-02-25 Arendee Limited Computer systems
CN1109300C (zh) * 1997-07-31 2003-05-21 周恽 Method and device for transparent protection of computer hard disk storage contents
US6647301B1 (en) 1999-04-22 2003-11-11 Dow Global Technologies Inc. Process control system with integrated safety control system
WO2000065415A3 (fr) * 1999-04-22 2001-11-15 Dow Chemical Co Process control system with integrated safety control unit
WO2002027445A3 (fr) * 2000-09-29 2003-06-19 Steven Bress Write protection for computer long-term memory devices
US6813682B2 (en) 2000-09-29 2004-11-02 Steven Bress Write protection for computer long-term memory devices
WO2006059335A1 (fr) * 2004-12-03 2006-06-08 Tedea Technological Dev And Au Method and system for securing data stored in a storage device
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
WO2007078648A1 (fr) * 2005-12-19 2007-07-12 Intel Corporation Mechanism to control access to a storage device
US7634629B2 (en) 2005-12-19 2009-12-15 Intel Corporation Mechanism to control access to a storage device
CN101416195B (zh) * 2005-12-19 2010-10-27 英特尔公司 Computer system capable of controlling access to a storage device
US8090904B2 (en) 2008-02-01 2012-01-03 Cru Acquisition Group, Llc Reduced hard-drive-capacity detection device

Similar Documents

Publication Publication Date Title
US5657473A (en) Method and apparatus for controlling access to and corruption of information in computer systems
US5265163A (en) Computer system security device
CN100389408C (zh) Hard disk data encryption backup and restoration method
JP2727520B2 (ja) Memory card and operating method thereof
US3931504A (en) Electronic data processing security system and method
EP0197552B1 (fr) Method for processing interrupts in a digital computer system
US7890726B1 (en) Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller
EP0268138B1 (fr) Implementation of privileges in microprocessor systems for use in protecting software assets
US5396609A (en) Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions
US5483649A (en) Personal computer security system
EP0842468B1 (fr) Virus protection in computer systems
US5289540A (en) Computer file protection system
US5287519A (en) LAN station personal computer system with controlled data access for normal and unauthorized users and method
AU635551B2 (en) An apparatus and method for preventing unauthorized access to bios in personal computer system
US5432939A (en) Trusted personal computer system with management control over initial program loading
US5828831A (en) System for preventing unauthorized use of a personal computer and a method therefore security function, and methods of installing and detaching a security device to/from a computer
NZ282954A (en) Data system; card reader provides secure access to a data storage system; non standard system calls detected during initialisation of system
JPH05173890A (ja) Data protection microprocessor circuit for portable data carriers
EP1078311A1 (fr) Protected storage device for a computer system
WO1993013477A1 (fr) Computer protection device
JPH01219982A (ja) IC card
EP0695986A1 (fr) System for providing access protection for information storage devices
JP3585510B2 (ja) Program execution management device and program execution management method
JP2002538532A (ja) Access protection device for IC card applications
CN1225475A (zh) Hard disk protection method based on computer motherboard firmware memory

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP KR

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA