The following discussion of the background art is intended to facilitate an understanding of the present invention only. It should be appreciated that the discussion is not an acknowledgement or admission that any of the material referred to was part of the common general knowledge as at the priority date of the present application.
With widespread developments in computer networking technology and computer use generally, the security of computer systems and especially accessing of data on storage media by such systems, has become of paramount importance to prevent unauthorised access by users and programs such as viruses, worms and other types of malware.
It is known to provide an operating system wherein a degree of protection against unauthorised access is provided by defining access permission to data stored on a storage medium for each user, and requiring authentication of the users, for example using a user name and password, prior to authorising access to the storage medium.
However, such an arrangement provides only a minimal degree of protection against unauthorised access to data storage media.
It is known to provide a system and method for securing data and information stores in a computer system which involves the use of a discrete security device interposed between a host central processing unit (CPU) and a mass data storage medium of the computer system. The security device controls and coordinates access to the mass data storage medium based on pre-defined user access profiles.
It is also known to provide such a security device which is integrated into a bus bridge circuit provided on the motherboard of the computer system or into a bus bridge circuit provided in the hard disk drive itself.
With both arrangements, the security device under control of a system administrator is able to set data access permissions for partitions provided on the mass storage medium of the computer system and for each user of the computer system. The data access permissions include read only access, write only access, read and write access, or no access. In this specification, a set of data access permissions defined for a particular user is termed a “user access profile”.
In order to ensure the integrity of the computer system incorporating the security device, the security device is configured to only authenticate users and assign user access profiles to users at start up of the computer system before loading the computer operating system. Modification of the user access profile for a particular user after loading the operating system is not possible.
However, while such an arrangement provides a high degree of security, the arrangement is relatively inconvenient to a user in the event that the user is assigned multiple access profiles for various circumstances, such as when connected or not connected to the Internet. In this instance, if the user is logged in according to an access profile which does not allow Internet access, in order to obtain Internet access the user would be required to shut down the operating system and adopt a different user profile appropriate for connecting to the Internet during the authentication stage of the start up process.
Such a process is inconvenient to a user of the system and can significantly detract from operation efficiency.