1. Field of the Invention
The present invention relates to computer memory devices and, more specifically, to mechanisms for controlling user access to the memory devices.
2. Description of Related Art
There are many situations in which it is desirable to allow data to be read from a non-volatile long-term memory storage device, such as a computer hard drive, but not allow data to be written to the device. For example, law enforcement officials have occasion to confiscate long-term memory storage devices. Once confiscated, the law enforcement officials need to be able to examine the storage device without changing the storage state of the device. Some operating systems, such as the Windows(copyright) operating systems from Microsoft Corporation, may modify the storage device when accessing files on the device, even if the user is only trying to read files from the device. In addition, during startup, operating systems such as Windows(copyright) will write up to hundreds of megabytes of data to a storage device as the operating system initializes. These situations are not acceptable when trying to preserve the state of a storage device to its as-confiscated state.
An example of another situation in which it is desirable to allow data to be read from a storage device but not written is in the area of computer security. A computer that is connected to other computers through a network, such as the Internet, is vulnerable to attack. A malicious hacker may attempt to write/change data on a target computer. Although most modern computers have some form of software password protection, these passwords can be bypassed, or xe2x80x9chacked,xe2x80x9d by a determined attacker. In addition, attacks can come from viruses that are inadvertently transmitted between computers. One way to minimize or prevent damage from such attacks is to block the modification of all of or of certain predetermined sensitive areas of the computer""s storage device.
There are a number of known conventional techniques for write protecting memory devices, such as hard drives. One class of early techniques revolved around the concept of disabling a write gate signal transmitted between the drive""s controller and the drive""s storage media. These techniques are not easy to implement with more modern hard drives, however, because the drive controller and storage media are integrated into a single closed system. Accordingly, the write gate signal is no longer easily accessible. Further, within the more modern integrated hard drives, the write gate signal may be implemented as a signal etched onto an integrated circuit and would, thus, be difficult to electrically contact even if the drive were opened.
A second class of drive write protection techniques is based on software protection of the drive. In general, these techniques involve the installation of software that modifies the read/write parameters of the system. One disadvantage of these techniques is that they tend to be operating system specific. This creates the potential burden of properly installing, updating, and operating the software. Additionally, because installing software may change the state of the storage device, software techniques are not appropriate in situations, such as in law enforcement, in which not changing the state of the storage device is a priority.
A final class of drive protection techniques is based on inserting hardware devices designed to operate with particular computer configurations, such as a card inserted into a host""s PCI bus. Such devices are also not without their limitations. For example, the devices may only work with certain types of computer systems or may only block predefined write commands. These limitations can be problematic if the device is not compatible with the desired computer system or if new write commands are introduced which are not recognized by the device.
Accordingly, there is a need in the art for an improved mechanism for write protecting a memory device, such as a disk drive.
Systems and methods consistent with the present invention address these and other needs by providing for an operating system independent blocking device that is physically inserted between a host computer and a storage device.
One aspect of the invention is directed to a blocking device including a plurality of elements. Specifically, the blocking device includes an interface emulator configured to emulate an interface presented by a storage device and an interface for connecting to a storage device. Additionally, the blocking device includes a processor coupled to the interface emulator and the interface. The processor examines commands received through the interface emulator that are generated by a host and intended for the storage device and allows only those of the commands that match a predetermined set of commands to pass.
A second aspect of the invention is directed to a device that includes an IDE emulator component, an IDE interface, and a logic circuit. The IDE emulator component includes a physical interface designed to engage a first cable that connects to a host that controls an IDE storage device. The IDE interface is configured to engage a second cable that connects to the IDE storage device. The logic circuit connects the IDE emulator component to the IDE interface and compares commands received at the IDE emulator component to a predetermined set of commands and blocks transmission of one or more of the commands from the IDE emulator component to the IDE interface when the comparison indicates that the logic circuit does not recognize the received command or the comparison indicates that the received command is a command that modifies the storage device.
Another device consistent with the invention includes an emulator component, the emulator component including a physical interface designed to connect to a host that controls a storage device. Additionally, an interface is configured to connect to the storage device and a logic circuit connects the emulator component to the interface and is configured to compare information received at the emulator component to a computer virus definition file and to block transmission of storage commands from the emulator component to the interface when the comparison indicates a match with the computer virus definition file.
Another aspect of the invention is a method that intercepts communications between a computer motherboard and a local storage device and compares commands in the communications between the motherboard and the storage device to a predetermined set of commands. Additionally, the method includes forwarding selected ones of the commands to the storage device based on the comparison and blocking selected other ones of the commands from being received by the storage device based on the comparison.
Yet another aspect of the invention is directed to a computer system. The computer system includes a host computer, a long-term storage device, and a blocking device coupled between the host computer and the storage device. The blocking device is configured to intercept commands from the host to the storage device and to block certain commands from reaching the storage device and to pass other ones of the commands to the storage device.