Currently, most if not all security controls in computers, computer systems, and information appliances rely on the secure environment of their computing architecture and operating system. Application programs, program suites, and system and application updates with varying or conflicting security requirements may have to be installed and run on separate hardware, or rely on their operating systems to isolate the application program sets and to impose and enforce different security and/or access requirements within the application sets.
While discretionary access controls are common in products, these products are typically not capable of solving the generic problem of malicious code (viruses, spyware, hacker code, pop-ups, Trojan horses, or the like) and cannot sufficiently identify or separate what a user intends to run or execute from what a user is or may be unintentionally executing (such as viral code attached to a user file). Also, discretionary controls presume that users are acting in an authorized way, and this may not always be the case. Vulnerable system files, applications, and unsophisticated users may allow malicious code to enter and compromise a system. In short, the operating systems of conventional processing environments are intrinsically compromisable.
These problems cannot be readily solved by adding a higher-level security infrastructure in conventional ways. Since the most important predicted threats against system security include, for example, malicious developers, trap doors left during development and/or distribution, boot-sector viruses, root-kits, and compiler trap doors, effective security cannot be implemented in the layers above the operating system, for example in applications or middleware, because security controls at those layers can be bypassed by those threats. Various integrity checkers, anti-virus scanners, and similar security applications are useful for mitigating risk, but have not provided and cannot provide security guarantees, as they themselves may be compromised by the malicious code they are intended to detect. In addition, certain anti-virus and anti-spyware products require prior knowledge of the code, code segments, or code signatures they are intended to detect.
Particularly problematic is the administration of file input and output (I/O) requests in a conventional computer: execution of unintended requests, undesired requests from automated processes, or even requests by unauthorized third parties over a network results in the unsafe exposure of all files and file directories in the computer. Viruses, worms, Trojan horses, and other malicious code and malware can attack user and system files, resulting in corruption of existing files, suboptimal processing speeds, inoperable or unstable computing environments, or access to confidential data by unauthorized third parties. For computers connected to a network, installation of downloaded and unverified or unverifiable data may also result in the execution of malware attached to such files. User error is further known to disrupt the normal operation of a computer through unintended or unknown modifications to critical system, program and/or user files. Ultimately, the effects of these problems may leave all or part of the data corrupt and/or irretrievably lost.
Malicious threats to critical boot-sector files in the current computing architecture may also arise through direct disk access (or direct access to another storage device's boot sector, region, or equivalent storage). When booting a conventional computer, the processor typically first reads the master boot record and then loads the boot loader and other necessary information from the hard disk using block-direct disk reads. When updates to the master boot record are attempted, the conventional architecture allows direct access to the hard disk for any reads and writes. Although operating system level controls may thwart some access to files, the operating system level is not adequately capable of protecting against malicious code residing below it. Such malicious code may freely modify boot sector files, load during the boot process, and modify the file system without any additional controls from below the operating system level.
Of primary importance in the management of all data access and file updates is the file system within the computer. A file system provides the file directory structure for data storage and allows users and application programs to access files in storage. A computer typically has a single file system which manages all file access and updates for the computer for which it operates. Conventional file systems are operative to monitor inbound and outbound file update traffic. A file system filter driver may intercept requests intended for the file system, another file system filter driver, a network, or a block device. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the file system. Examples of file system filter drivers include anti-virus filters, backup agents, and encryption products which can offer additional protective measures against malware for file I/O requests prior to reaching the file system.
While prior art file systems have beneficial aspects in combating the effects of malware through the extended functionality provided by the filter driver, such file systems also have disadvantageous aspects. One disadvantageous aspect is that a computer cannot safely access a single file or group of files within the file system without providing access to other files and thus exposing those other files. Once access is gained to the file system, all files are exposed and may be modified despite the protective measures of anti-virus software operating via the filter driver. For example, if a zero-day virus has attached itself to a seemingly legitimate update file, then installation of the update file will result in the execution of the malicious code and further access by the malicious code to the remaining files via the file system. Installation of a program application update may also involve the update of a driver file that is commonly used by other applications relying on a previous driver version. Although the update may in fact be legitimate, updating the driver may cause incompatibility issues with the remaining programs that also use the driver.
Another disadvantageous aspect of the conventional single file system environment is the ability of malicious code and other malware to circumvent the file system and read or write data directly to the block device. This circumvention technique facilitates unauthorized access by malicious code and other malware to a processing environment's metadata, and furthermore facilitates the malicious code's ability to modify metadata or other critical system content through such unauthorized means and channels.
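The two architectural points made above, that a filter driver intercepts I/O requests before they reach the file system and may extend or replace its handling, and that a write made directly to the block device is never seen by those filters, can be modelled in a few dozen lines. The following Python simulation is an added example, not code from the original document or from any product it describes; the filter classes, the block device model, and the `CONSTRUCTED-MALWARE-MARKER` byte string are all constructed for illustration and stand in for real driver interfaces and real signatures.

```python
"""Toy model of a file system filter-driver stack (educational simulation).

Requests flow top-down: AntiVirusFilter -> BackupFilter -> XorEncryptFilter
-> FileSystem -> BlockDevice.  Each filter sees a request before the file
system does and may extend (back up, encrypt) or replace (deny) its handling.
"""
from dataclasses import dataclass

# Constructed stand-in for an anti-virus signature; not a real pattern.
MALWARE_SIGNATURE = b"CONSTRUCTED-MALWARE-MARKER"


@dataclass
class IORequest:
    op: str            # "read" or "write"
    path: str
    data: bytes = b""  # payload for writes


class BlockDevice:
    """Raw storage. Simplified: one block per path, no metadata."""
    def __init__(self):
        self.blocks = {}


class FileSystem:
    """The intended target of every request; talks to the block device."""
    def __init__(self, device):
        self.device = device

    def handle(self, req):
        if req.op == "write":
            self.device.blocks[req.path] = req.data
            return None
        if req.op == "read":
            return self.device.blocks.get(req.path)
        raise ValueError(f"unknown op {req.op!r}")


class Filter:
    """Base filter: forwards the request to the layer below unchanged."""
    def __init__(self, lower):
        self.lower = lower

    def handle(self, req):
        return self.lower.handle(req)


class AntiVirusFilter(Filter):
    """Replaces handling: a write carrying the signature is denied outright."""
    def __init__(self, lower):
        super().__init__(lower)
        self.blocked = []

    def handle(self, req):
        if req.op == "write" and MALWARE_SIGNATURE in req.data:
            self.blocked.append(req.path)
            raise PermissionError(f"write to {req.path} denied: signature match")
        return super().handle(req)


class BackupFilter(Filter):
    """Extends handling: keeps the prior content of a file before it is overwritten."""
    def __init__(self, lower):
        super().__init__(lower)
        self.previous = {}

    def handle(self, req):
        if req.op == "write":
            old = self.lower.handle(IORequest("read", req.path))
            if old is not None:
                self.previous[req.path] = old
        return super().handle(req)


class XorEncryptFilter(Filter):
    """Extends handling: callers see plaintext, the device stores (toy) ciphertext."""
    KEY = 0x5A  # constructed single-byte key; XOR is for illustration only

    def _xor(self, data):
        return bytes(b ^ self.KEY for b in data)

    def handle(self, req):
        if req.op == "write":
            return super().handle(IORequest("write", req.path, self._xor(req.data)))
        out = super().handle(req)
        return None if out is None else self._xor(out)


def build_stack():
    """Assemble the layers; returns (top filter, backup filter, device)."""
    device = BlockDevice()
    enc = XorEncryptFilter(FileSystem(device))
    backup = BackupFilter(enc)
    av = AntiVirusFilter(backup)
    return av, backup, device


def run_demo():
    top, backup, device = build_stack()
    top.handle(IORequest("write", "/docs/report.txt", b"version 1"))
    top.handle(IORequest("write", "/docs/report.txt", b"version 2"))
    try:
        top.handle(IORequest("write", "/tmp/update.bin", b"hdr" + MALWARE_SIGNATURE))
        av_denied = False
    except PermissionError:
        av_denied = True
    # A write that goes straight to the block device never traverses the stack:
    # no filter inspects it, backs it up, or encrypts it.
    device.blocks["/boot/record"] = b"raw" + MALWARE_SIGNATURE
    return {
        "read_back": top.handle(IORequest("read", "/docs/report.txt")),
        "on_device": device.blocks["/docs/report.txt"],
        "backup_copy": backup.previous["/docs/report.txt"],
        "av_denied": av_denied,
        "av_saw_direct_write": "/boot/record" in top.blocked,
        "direct_write_landed": "/boot/record" in device.blocks,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The order of the layers matters: the backup filter reads the old content through the encryption filter, so it stores plaintext, and the anti-virus filter sits on top so it inspects what the caller actually wrote. The last lines of `run_demo` are the point the text makes: a block-level write lands on the device with `av_saw_direct_write` false, which is why a control placed above the block device cannot by itself guarantee the integrity of what is stored there.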
Other solutions partition processing environments to isolate selected processing activities, such as, for example, the use of virtual computing environments to isolate the installation of a new application program. These solutions nonetheless leave the computing system susceptible to malicious code or other potential file incompatibilities. In order for a new application program to obtain full access to existing user files and other application program files, the new application program must still be managed by the computer's primary file system, thus exposing data to potential malicious code or other harmful effects associated with the installation of a new application program file or file set.
Another disadvantageous aspect of the prior art file system relates to the manner in which files are restored. Conventional systems allow users to back up files using a snapshot method, where the system takes a snapshot of all files and file directories in the present system. In the event the user desires to revert to a prior file system state, all directories and files in the file system are reverted to the prior version as recorded in the snapshot. Under the conventional snapshot method, either all or none of the files must be reverted to the prior version. Although users may manually create backups for particular files, such backups are typically cumbersome and require the user to manually manage system resources and manually delete and create such backup files.
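The all-or-none behaviour described in the preceding paragraph is easiest to see against a selective alternative. The following Python model is an added example, not code from the original document or any product it describes: `SnapshotStore`, its methods, and the sample file contents are constructed for illustration. `revert_all` behaves like the conventional snapshot restore; `revert_paths` restores only the named files from the same snapshot, which is the per-file granularity the text says conventional systems lack.

```python
"""Whole-snapshot restore versus selective restore (educational model).

Files are held in a dict mapping path -> bytes; a snapshot is a copy of that
dict.  Real snapshot systems share unchanged blocks instead of copying, but
the restore semantics shown here are the same.
"""


class SnapshotStore:
    def __init__(self, files):
        self.files = dict(files)
        self.snapshots = []

    def snapshot(self):
        """Record the state of every file; returns the snapshot id."""
        self.snapshots.append(dict(self.files))
        return len(self.snapshots) - 1

    def changed_since(self, snap_id):
        """Paths whose content differs from the snapshot (added, removed or modified)."""
        old = self.snapshots[snap_id]
        paths = set(old) | set(self.files)
        return sorted(p for p in paths if old.get(p) != self.files.get(p))

    def revert_all(self, snap_id):
        """Conventional behaviour: every file goes back, including the user's new work."""
        self.files = dict(self.snapshots[snap_id])

    def revert_paths(self, snap_id, paths):
        """Selective behaviour: only the named files go back; everything else is kept."""
        old = self.snapshots[snap_id]
        for p in paths:
            if p in old:
                self.files[p] = old[p]
            else:
                self.files.pop(p, None)  # file did not exist at snapshot time


# Constructed sample state: a shared driver and a user's document.
INITIAL = {
    "/sys/shared_driver.bin": b"driver v1",
    "/home/user/notes.txt": b"notes v1",
}


def apply_update_and_new_work(store):
    """Simulate a driver update followed by legitimate user work."""
    store.files["/sys/shared_driver.bin"] = b"driver v2"   # the update to undo
    store.files["/home/user/notes.txt"] = b"notes v2"      # work the user wants to keep


def compare():
    """Return the end state under whole-snapshot restore and under selective restore."""
    whole = SnapshotStore(INITIAL)
    sid = whole.snapshot()
    apply_update_and_new_work(whole)
    changed = whole.changed_since(sid)
    whole.revert_all(sid)

    selective = SnapshotStore(INITIAL)
    sid2 = selective.snapshot()
    apply_update_and_new_work(selective)
    selective.revert_paths(sid2, ["/sys/shared_driver.bin"])

    return {"changed": changed, "whole": whole.files, "selective": selective.files}


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

`changed_since` is what a selective restore needs in practice: it tells the user which files the snapshot would touch, so that a driver update can be undone without silently discarding the document edited after the snapshot was taken.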
Notwithstanding such limited and oftentimes ineffective defenses against malicious code, conventional systems further fail to ensure system integrity and to provide dependable protection against data loss resulting from system infrastructure problems, which may include power supply interruptions, complete power failures, system crashes, and/or other internal or external component failures. While the use of secondary power sources may resolve the issue of power supply failures, such solutions fail to protect against data loss that occurs when a hard drive fails or a system crashes from causes unrelated to the power supply, such as, for example, memory corruption, non-responsive services, or other hardware- and/or software-related flaws in computing systems, other information appliances, or other electronic devices that utilize a processor and execute software or firmware that might be susceptible to compromise.
What is needed is an architecture, system architecture, method and operational methodology that provides enhanced protection from computer hacking, viruses, spyware, cyber-terror attacks, and similar malicious activity and/or code. There also remains a need for an architecture, system architecture, method and operational methodology that protects against data loss so as to provide secure and reliable data processing.