Traditionally, in a system of computers, storage units have been created such that each storage unit interfaces with a single controlling system that has full control over that storage unit. Prior to networking operating systems, protection of shared information was possible only through built-in password protection capabilities within individual application software. Passwords have since been shown to be only marginally effective and, even then, marginally effective only against casually curious individuals; passwords by themselves have been shown to be totally ineffective against theft, damage or loss of information on such systems.
U.S. Pat. No. 5,434,562 to Reardon suggested a method of protecting storage unit(s) on such systems by use of access control switches to apply limited access privileges, and by which multiple users can share the storage unit(s), one user at a time. However, the invention Reardon proposed applies only to single systems having multiple, non-concurrent users.
U.S. Pat. No. 6,052,781 to Weber further proposed a method by which an individual computer system, also with non-concurrent users, can protect individualized storage. The invention Weber proposed “virtualized” the system to represent individually any number of personalized configurations available to users, identifiable by password. However, as mentioned above, the use of passwords has provided little real protection to date.
Today, networking is the primary means by which computer systems share information storage. Unfortunately, network methodology was never designed with security in mind. This is the primary reason for the poor performance of network security systems in attempts to prevent unauthorized access by knowledgeable “hackers”. The advent of networking operating systems allowed data sharing with other systems connected to the network, using software methods to facilitate and control the type of access allowed to the storage units. However, software-sharing methods must necessarily be implemented using a “client-server” architecture. This client-server model necessitates a means for clients to directly access the server (via requests), which the server then services by performing actions in its environment on the clients' behalf. These requests can be tailored to generate instability in the server's environment, which the client may later exploit. This is the primary means by which most forms of network-based intrusions are perpetrated. Network-based intrusions are insidious because would-be perpetrators can perform acts as if locally present, but remain protected by the anonymity they can achieve and the physical distance over which they can act.
Thus, a new means of controlled access to shared resources needs to be designed to solve this fundamental flaw of networking. The new method should not only restrict access, but it should provide “transparent” access to the information to which the client is allowed—that is, within the boundaries of the overall restricted access, access to the permitted information should be direct and unrestricted and not require a server as an intermediary. Transparent access implies that clients need not, and cannot, know that the server or other clients exists and, as such, clients must not be able to issue direct requests to servers. Transparency eliminates the possibility of remote access control of the server and the need to make the server's critical systems accessible to the client. The new method should be able to apply incontrovertible location identity to all involved and make local presence at the appropriate location a prerequisite for any attempt at subversion within a given private network.
It is obvious that the individual systems described by Reardon and Weber could be outfitted with networking operating systems to operate on a network. However, the resulting network could not negate remote access control, anonymity, or identity obfuscation, and the resulting access to the “protected” storage would be neither transparent nor restrictive to selected users. This is because the very nature of computers and the “cyber world”, as it exists today, resists the requirements for security. The networking software itself defeats the physical protection that the above inventions once attempted to impart to the storage medium. Now, the different users need only access to the network in order to gain the access to that which they were once denied by those patented physical mechanisms, without needing to contend with the protective mechanisms that they provide. Therefore, those systems would still be subject to exploitation and to the flaws in programs and operating systems.
European Patent No. EP0827065A2 proposed a non-networked means of sharing storage between two architecturally different computer systems via a special storage device controller. No method of restricting access was discussed or provided. The purpose ascribed to that invention—namely, allowing computer systems having different data formats to share storage and allowing the mainframe to backup the shared storage—is unrelated to security. The function of the storage device controller in that invention is merely to convert data addresses from different computer systems so as to permit access to the shared storage and to permit the mainframe to backup that storage.
European Patent No. EP0367702A2 presented an invention to facilitate access to shared storage by multiple processors in a multiprocessor environment. The method discussed would strictly prohibit transparent sharing and access control since the “owner” processor must process requests posted to it by “requestor” processors. In fact, the method described is almost totally encapsulated by networked systems; thus, the objections to networking made above in respect of security and transparency would apply to this patented invention as well.
Finally, U.S. Pat. No. 5,935,205 to Murayama et al. presented an invention involving a network-like arrangement of computers sharing storage units via a specialized storage controller and computer coupling adapters. Access control to any shared storage unit is in the form of identification and password authentication and is mediated by the resident storage controller on the system to which the storage unit was directly attached. However, the desired features of transparent access and inaccessible access control to guarantee security have not been provided. In addition, the authentication method used to control access can easily be defeated, and individual elements of the system could be reconfigured to pose as any other element to gain illegal access.
Recently, development of the fiberchannel switch network and its use within storage area networks (SAN) has been touted as the ideal secure data network. While the fiberchannel storage bus does allow multiple devices to share the same storage systems, it does not, however, provide the necessary transparent access rights control. This means that any system that can gain access to the bus can act as an impostor and, by switching identities, can discover all other elements that populate the bus. In addition, the SAN must be used in conjunction with a standard network. Since the security of such networks is the current concern, the standard network provides the means by which a remote attacker can bypass any safety measures in the SAN by attacking the system that has valid access to the data in question. Furthermore, most SAN implementations utilize the client-server model of data access and sharing, providing yet another means for attackers to exploit software-related risks on the servers and clients.
Thus, there still exists a need for a non-standard networked means of sharing storage units or other resources that is secure and presents no danger to any attached host system. Standard network access control methods have been shown to be ineffective in many cases, and allowing any type of access over such networks promotes vulnerabilities to attacks from remote systems. The industry has responded inappropriately to the shortcomings of software methods of access control, creating more and more layers of elaborate software controls, none of which have yet fulfilled the task of securing shared information from unauthorized access. The solutions themselves add to the list of vulnerabilities in a system.
On a related issue, the nature of standard networks and the client-server model gives rise to similar problems in respect of the secured sharing of information between systems. The advent of networking systems helped to remove the burden of communicating or transmitting information, but networks were originally devised to share information between privileged, trusted individuals and thus required few safeguards to protect the information or its storage and manipulation systems. This shortfall has been made painfully obvious since the birth of the Internet, which now allows any information system to be instantly accessible by any other system from any location in the world. Mischievous and malicious individuals alike can now cause serious damage to systems operation as well as loss or theft of information.
Often, the type of access violation stems from the manner in which computers and programs network or share information. The attacker has an interface to a program or computer that sends input to another program to request (a query) that it make some information available for sharing (typical of the classic client-server model). The query or sequence of queries corrupts the server's processing of queries, or its processing of information related to processing the queries. Now the attacker can make certain subsequent queries which force (trick) the server to send information that it should not and would not normally send to the client, or to modify information or the processing of information for the server or other clients. This is obviously a problem of lack of transparency in data sharing. The fulfillment of such requests and the subsequent release of, or access to, such information is the subject of daily hacking news reports.
Still, security solutions overlook this basic flaw and instead target the symptoms. Security methods such as encryption, public-key infrastructure, digital certificates, authentication, and firewalls have been devised with the intent of limiting unauthorized activities or rendering stolen information practically useless to thieves. These methods have thus far proven to be only partly effective, requiring relentless updating and revision just to keep up with the resourcefulness of intruders. It is becoming obvious that software solutions will never provide a cure because software itself can be manipulated and exploited remotely with no risk to the interloper. Other hardware/software combinations have also had limited success because, even when functioning as designed, they provide loopholes which allow impostors access to any information or activity normally expected of the individual being impersonated. Most importantly, security solutions that target information storage and sharing themselves operate on the flawed client-server architecture, making them susceptible to its inherent risks.