This invention relates generally to operating systems and security for computer systems and more specifically to a controller and resource management (CARMS) © system and method with improved security for independently controlling a computer system.
There exists a real and vital need for increased security in computer systems and the operating systems that attempt to control them. The rapid growth in the availability and demand for applications such as business networking, online transactions, email, instant and text messaging, high-performance video, music, real-time playback, content-on-demand and many more applications have placed extreme security demands on the operating system and shared system resources of prior art computer systems. High-speed broadband communications such as DSL, cable, wireless and satellite have led to increases in unauthorized accesses to shared system resources.
Existing computer systems are inherently incapable of providing sufficient security since the operating system that attempts to control and manage the processor exists as processor instructions; instructions that are functionally and operationally dependent on the same processor for their existence. The security problem is fundamental: the processor must execute instructions in order for the operating system to exist; the operating system must exist to control the very same processor that executes the instructions that are responsible for its existence . . . and round and round goes. This invention addresses the fundamental security problems that are responsible for data corruption in existing systems by presenting a new paradigm for computer systems: computer systems with an independently functioning and operating controller and resource management system and method, providing vital system-level security for the computer system.
In order to execute processor program instructions, prior art computer systems are operationally and functionally dependent upon shared system resources including: operating system, application program, application program interface (API), API message buffer memory, device drivers and anti-virus/anti-hacker/anti-spam instructions. Prior art computer systems cannot separate the function and operation of the processor and operating system since both are mutually dependent upon each other in order to remain functionally operational.
Prior art systems are limited in their ability to identify and prevent unauthorized access and corruption of the shared system resources since the processor, memory and operating system are operatively and functionally linked together. Sharing system memory leaves prior art systems vulnerable to unauthorized accesses into application programs and operating system instructions. These unauthorized accesses lead to application errors, operating system instability, system lockups or persistent corruption of system resources. Furthermore, prior art operating systems and processors provide mutual and binding control over each other; the operating system attempts to control the processor, while the processor executes operating system instructions necessary for the operating system to control the very same processor. Problems are inevitable since the operating system and processor actually control each other; those skilled in the art will recognize that prior art operating systems do not independently provide control over the processor since it is impossible for the operating system to operate without having the processor execute instructions necessary for the operating system to exist; the processor must execute software to allow the operating system to attempt to control the very same processor, all the while sharing the same memory space.
Prior art operating systems and computer systems are typically provided with a single watchdog timer to monitor the health and operation of both the processor and operating system. Since both are mutually dependent on one another for their function and operation, adding a second watchdog timer will provide only marginal benefits. The present invention adds a second independent watchdog timer in addition to the watchdog timer used in prior art. Prior art watchdog timers are used for monitoring the health and operation of the processor whereas the present watchdog timer is used specifically for the purposes of monitoring the health and operation of the present invention controller and resource management system. This watchdog timer operates physically, functionally and operationally independent of the prior art watchdog timer used to monitor the health and operation of the processor.
Prior art computer systems use the processor to execute application programs in order to provide the messaging and higher-layer communication necessary for communicating between local or remote computer systems. The present invention allows direct and independent communication between separate present invention controllers and resource management systems via local or remote networking; the processors are not required to be networked together since the present invention controllers and resource management systems themselves are now directly networked together; locally and remotely.
Prior art operating systems and computer systems require the processor and processor memory to allocate a portion of their operational and functional resources, as well as a portion of their physical resources and memory space to the task of executing operating system instructions. The present invention relieves the processor and processor memory of this task since the present invention controller and resource management system now operates conceptually, physically, functionally and operationally independent of the processor and processor memory. The processor and processor memory are provided with increased resources and memory space allowing for an increase in overall computer system performance.