1. Field of the Invention
The present invention relates to computer system architecture and more particularly to an architecture for and method of limiting remote access to programs and data.
2. Description of the Related Technology
The role of computers is rapidly changing from computational machines to communication devices. The increasing use of the Internet by the general public increases the potential for hackers to break into sensitive computers. Computer hackers have successfully entered systems believed to be secure, gained unauthorized access, corrupted data, and infected systems with viruses that continue to cause havoc. While specialized software in the form of, for example, firewalls, is often provided to prevent unauthorized system access and to limit access so that unauthorized personnel cannot easily corrupt data and program files or otherwise cause damage to a computer system and loss of data, hackers are continually finding ways around the software. For example, viruses can be used to infect a computer system through infected software, causing the system to perform unauthorized functions and execute "rogue" code jeopardizing the integrity of the system. Because all functions performed by the computer system are controlled by instructions stored in the computer's memory, providing any remote access to the system provides an avenue for hackers to gain unauthorized access and do damage.
A representative computer system according to the prior art is shown in block diagram form in FIG. 1. A prior art computer system 100 includes a local system bus 102 connecting major elements of the computer system. Thus, local system bus 102 handles the transfer of instructions, data, address and control signals, etc. between the elements of the computer system. As shown in the figure, central processing unit 104 has a direct connection to bus 102 and to a dedicated main memory 106. Main memory 106 is typically a high speed, high bandwidth random access memory storing data and instructions. Non-volatile mass storage is provided by hard disk drives 110 and 112 interfacing via SCSI (small computer systems interface) device 108 to local system bus 102 and hard disk drive 122 interfacing through IDE (intelligent drive electronics) controller 120. Central processing unit 104 also has provisions for displaying data to a system operator by providing appropriate address, data and control signals to video interface 114 whereby data is displayed on video monitor 116. Finally, remote access to peripheral devices and buses is provided by serial port 118 and Ethernet interface 124, again over local system bus 102. Although not shown, other devices providing input and output to the system may be included, such as a keyboard, etc., which may include a dedicated interface to local system bus 102 or might be supported by serial port 118. Similarly, other output devices may be included, such as a printer interfacing through serial port 118 or an equivalent parallel port type data connection (not shown).
In operation, computer programs consisting of executable code and data and other information on which the code operates, are stored in main memory 106. Typically, this includes an operating system, such as Windows NT or Windows 98, together with various utilities and application programs. At startup or initialization, central processing unit 104 executes "boot" code, identifies system assets, such as IDE controller 120 and hard disk drive 122, and locates the appropriate operating system. The operating system software from hard disk drive 122 is then transferred through IDE controller 120 via local bus 102 to main memory 106. Central processing unit 104 then executes the operating system, transferring instructions as needed from main memory 106 into a "cache" or other local memory and registers that are a part of the central processing unit 104. While this is happening, dedicated hardware and firmware resident in video board 114 provide a visual display on video monitor 116 of system status and provide a video output for the operating system, utilities, and application programs. In addition to the online data storage provided by hard disk drive 122, multiple hard disk drives are supported by SCSI controller 108. As depicted, both hard disk drives 110 and 112 are interfaced to local system bus 102 through the SCSI controller 108 providing additional non-volatile storage capabilities.
In addition to local access to computer system 100, remote access is provided by serial port 118 and Ethernet card 124. For example, a modem (not shown) may be attached to serial port 118 to interface computer system 100 to other media such as the public switched telephone network (PSTN), radio and fiber optic systems, etc., thereby providing connectivity to remote users and systems. An appropriate communications utility or application running on central processing unit 104 together with serial port 118 supports exchange of data with the remote users and systems. Similarly, Ethernet 124 is a specific embodiment of a network connectivity supporting, for example, a local area network (LAN), a wide area network (WAN), etc., with multiple remote computer systems and other resources attached. Using these remote access facilities, computer system 100 becomes accessible to authorized, and in many cases, unauthorized users.
Although not shown, other peripherals may be included, such as CD-ROMS (compact disk--read only memories), CD-WORM (compact disk--write once read many) or CD-WO (compact disk--write once), CD-RW (compact disk--re-writeable), DVD-RAM (digital versatile disk--RAM), DVD-ROM (digital versatile disk--ROM), various tape drives and traditional 31/2 inch floppy disk drives. These devices are particularly useful for the transport of data between systems and backup purposes using removable media. Conventionally, because of access speed and storage space limitations, these devices are generally not relied upon as substitutes for hard disk drives which continue to be used as the primary media for non-volatile program and data mass storage. However, as computer systems have been made available to greater numbers of users, both locally and remotely, maintaining the integrity of programs and data stored on computer systems has become an increasing concern.
Prior art systems implement various physical and software systems to control access to the system and provide security. For example, computer systems handling classified information may require TEMPEST approval to avoid unintended radiation of information, be located in a secure facility such as a limited access area to provide physical security, and be operated in a stand alone configuration without provision for remote access to avoid remote hacker access. Physical security, however, cannot address remote access users so that a variety of software is used to establish varying authorization levels for remote system use and access. For example, remote users may be required to interface via a secure access or "firewall" system which requires a user to establish authorization to access a computer system prior to providing a connection. A firewall may further monitor use of facilities, limiting access and use according to the user's authorization. Software on the computer system itself further monitors access using, for example, passwords, personal identification numbers (pins), etc. to control access and use. Other software may be implemented to protect, for example, certain area of memory such as the operating system from being altered or overwritten. Some operating systems, for example, further limit write operations to particular areas of memory containing data used by a particular application and limit access to other areas of memory or alteration of instructions stored in memory. However, such software protections have often proved inadequate to stop a determined hacker from gaining unauthorized access and bypassing such safeguards. For example, a hacker might use another program to generate and try thousands or millions of access code combinations to break into a system. Alternatively, using a more conventional approach, a hacker might rummage through discarded company documents to obtain access code information, unlisted maintenance telephone numbers, ctc. Access may also be obtained by "back doors" into the system otherwise used for maintenance, billing, and other non-remote access purposes. Hackers may also obtain access by implanting computer viruses into the system, often embedded in innocent appearing host software. Once implanted, the virus can damage the system directly or provide other methods of access for the hacker.
In addition to remote covert action, computer systems are also subject to local attacks by, for example, disgruntled employees, etc. On a less sinister basis, computer systems are further subject to unintentional damage by human operator error inadvertently deleting or modifying files and by program bugs in the system and applications having similar effects and results as that of intentional attacks on the system.
For the foregoing reasons, there exists a need for a secure computer system architecture and method for providing computer security which cannot be easily bypassed by innocent or surreptitious means, either remotely or local to the computer system. A further need exists for a computer system and method of operating a computer system which preserves data and program integrity while providing for remote access to users having only read access. A still further need exists for a computer system and method of operating a computer system which prevents data and instruction corruption, modification and deletion by improper operation of host applications or due to the intentional actions of software viruses and other rogue executable code.