In general, operating systems (O/S) for computing devices, such as personal computers, have direct access to local storage devices (e.g., disk drive, flash memory), and can change data stored on within the storage device—including the stored copy of the operating system used at boot up. This direct access results in a number of concerns. First, since the code that the personal computer runs is accessible, malware (such as viruses, Trojan Horses or spyware) can modify the code to infect the system in a manner that can be persistent between boot cycles. Certain sophisticated malware can even insert itself into the scanning utilities used to detect the malware, thereby rendering protective programs ineffective against the virus. Second, changes to the disk occur nearly instantaneously, thus files that are deleted or damaged are often unrecoverable. Thirdly, since there is no mechanism to track changes to the file system, it is difficult and often unreliable to determine whether a document has been viewed or modified by a particular user. Lastly, because the O/S can enforce access rules, data stored on the storage device is at risk from attacks on the O/S or from unauthorized user modifications.
One traditional approach to address the above concerns involves the use of network file servers. However, a file server implementation introduces other issues, such as performance and scalability. Also, the requirement to maintain connectivity to the network limits the applicability of a network file server approach to an unnecessarily narrow range of applications. Further, the added complexity of using an additional network component, e.g., the file server, can negatively impact the reliability of the system.
Therefore, there is a need for an approach to effectively control access to local storage medium, while providing improved performance and scalability.