The present invention is a method for protection of computer files from unauthorized access and/or modification and from unintentional damage. It is particularly useful for protection of files against malevolent tampering and sabotage.
A problem of serious and potentially disastrous proportions exists in the protection of computer files from unauthorized modification. This ranges from unauthorized but benign entry by unethical computer buffs, who regard it as a personal challenge to find ways to enter a system, to deliberate and criminal sabotage of stored data and software. The extent of computer crime has grown markedly as criminal elements, now aware of the possibility for ill gotten gain or vengeance, have achieved a hitherto unknown level of sophistication. Much of the computer crime that does occur is little publicized. This is to minimize its consequences and to avoid encouragement of others who might find it attractive. In addition to the possible enormous consequences for business, education, and general government operations, the implications for defense could be of the nature of a major national disaster.
An especially pernicious form of file modification is known as a "virus". The analog to a biological virus is readily apparent. A computer virus is designed to attach itself to a program already on the computer. The result is a program that is "infected". This usually occurs in a manner that, at least initially, is unapparent to the legitimate user. The infected target files are usually unchanged until some predefined event or events take place. At this time the virus embedded in the infected files activates. The action taken when the virus is triggered may range from a harmless message flashed throughout the system to the complete destruction of all files in the infected system. A virus must, by definition, modify a file stored in the system in order to propagate itself. A virus recently propagated within three days throughout a nationwide computer network and caused damage in excess of $10 million.
Other forms of computer file vandalism are known within the computer profession as "worms", "Trojan horses", and "bombs". All such programs modify the file system in some manner in order to perform their intended function. While the above terms have specific meaning to computer scientists, for the sake of convenience they will all be classified here as "viruses" since their operation, intent and methods of prevention are in most ways very similar.
Computer files are also subject to innocent errors resulting from accidental and unintended mistakes. Within a given environment the effect may be as damaging as a virus. However, such errors generally do not spread to other computers. A particularly vulnerable environment is one in which software development is in progress. Generally there is no mechanism for protecting files on a computer system from damage by errant programs. Valuable files can easily be destroyed requiring many hours, days or weeks for reconstruction.
Another source of innocent error is accidental erasure or modification of files. This can result from a simple mistake on the part of the operator and may or may not be salvageable. Most of the commonly used operating systems for individual or networked computers allow files to be erased or modified with simple commands that do not prompt or question the user before proceeding.
Computer security has itself become a recognized specialty within the profession. The most common method of minimizing problems from intrusive sabotage is to incorporate software in the computer system that checks for known types of viruses and/or periodically checks the integrity of the files in the system. There are a number of variations on the software approach to protection. One method of checking file integrity is to perform a test of each file which results in a unique "signature" for the file. This method is reasonably robust but it is somewhat time consuming. Most often, the signature is generated using a Cyclic Redundancy Code (CRC) algorithm. This test does nothing to cure a file which might have become infected but it does identify files which have been infected since they were last tested. To be truly effective the test should be run each time a file is accessed. However, in most cases this would impose such a large overhead as to make the system non-productive.
A second method is to incorporate a software program which checks each file as it is used for a set of known types of infection. Several problems exist with this approach. First, a number of viruses are self-modifying. By that is meant that they change their characteristics specifically in order to thwart this kind of protection. Second, new viruses unknown to the protection program may be introduced into the file system and these will not be recognized. A third problem is that of overhead. It may be so great as to significantly reduce the usefulness of the system.
Another method provides a hardware module which can be programmed to write protect the entire file system. This method is clearly foolproof but poses such cumbersome limitations that it has only limited usefulness. Most business or scientific applications and virtually all program development environments require the ability to modify files. As one example, the files in a database application are usually continually updated by new additions and deletions. The hardware write protect approach appears to have merit only in those unusual instances where an application does not require the file system to be modified. If software support is used to determine when a file can be modified, it is susceptible to the same problems and disadvantages of the other software approaches.
A fourth method uses passwords and other user specific security protection to limit access to the file system. This is desirable and should be common practice in most computer networks. But it does not prevent the problem of virus entry. One of the most destructive viruses reported to date infected over 5000 computers, all of which had a password and user permission-based file system. The most common use of this type of protection is found on computers based on the UNIX operating system. Unix is a trademark of AT&T Information Systems, New York, New York, for a linked multi-workstation computer system. In regard to accidental file erasure, a number of products are available with an "unerase" feature. These take advantage of the way most files are removed from a directory by the operating system. The operating system simply indicates that the storage space of the deleted file is now available for new files, without actually physically erasing the earlier material. The unerase software restores the deleted file name back into the directory. However, it can function successfully only if the storage space occupied by the deleted file has not been overwritten. The process of attempting to recover an accidentally erased file is time consuming and can sometimes result in a corrupted file even under the best of circumstances.
Finally, any software based system of virsus protection has an inherent flaw that can itself be fatal. The very software that is intended to protect against infection can itself be the source of a virus. This very problem recently occurred with a suite of commercial programs, touted as the ultimate in anti-virus protection. The case in point was apparent sabotage by a disgruntled employee of the software firm marketing the protection system. An untold number of infections occurred and the manufacturer now faces an enormous liability for damage caused by his product.
Any security system, intended to provide protection for file systems, which is accessible to the general user through standard system resources can potentially be breached. Whether software based on hardware based, if the protection system can be accessed via normal system resources, then it can be bypassed or, even worse, used to camouflage a virus. A user who thinks the file system is protected is often complacent and less alert to the possibility of an infection. This often leads to a virus doing extensive damage before it is even noticed.
Cognizant of the above noted shortcomings in existing file security systems, the present invention represents a major improvement that greatly reduces and tightly controls the number of potential access points for virus entry without compromising convenience and utility for the general user.