Computer manufacturers (OEMs) recognize the desirability of, and need for, “data separation” in computers, for a variety of reasons. Data separation is desirable for convenience and organization of data, differentiating privileges to access specific data, and preventing inadvertently contaminated data from infecting and compromising other data, among other purposes. As a result, for several years, numerous data-separation methods have been commercially introduced, chiefly in the form of applications downloadable onto a computer.
These include methods generally known as profiling, containerization, sandboxing, and hypervisor-based virtualization, often characterized as “dual persona” to connote a meaningful separation between two data sets in an endpoint computer. Much of this methodology is directed to the growing popularity of “Bring Your Own Device” (BYOD) usage of various endpoint computers, tablets and smartphones by enterprise and government employees.
However, the combination of work-related and personal computing activity on the same computing device has, in turn, encouraged and spurred the growing scourge of organized, sophisticated cybercrime, usually in the form of phishing exploit attacks, but others as well (such as keylogging), whereby the end user inadvertently allows malware to access the necessary data to effectively take over the endpoint computer, gain the necessary right to access the end user's network connections, and even obtain sufficient administrative privileges to compromise and steal massive network data. The existing art, including the methods described above, does not assure prevention of these forms of attack. Regardless of method, the end user's computer under existing data-separation art employs some or all of a single set of computer resources (kernel, RAM, drivers, storage), and by doing so the compromised resource can be the conduit to complete computer infection and network access. For example, despite data separation, containers or sandboxes in an endpoint computer share kernel resources. Likewise, the hypervisor-based host OS shares resources with guest OS's. Profiling is easily compromised as well, by obtaining the rights to access different data segments. Typically, these vulnerabilities are known collectively as “privilege escalation” (and virtual machine escape).
The need to thwart privilege escalation vulnerability is well known and publicized. Numerous industry reports detail the inherent vulnerability and other flaws in these methods, e.g.: “How Mobile Malware Breaks Secure Containers”, Lacoon (July 2013); “Security Vulnerability Analysis in Virtualized Computing Environments”, International Journal of Intelligent Computing Research (March/June 2012); “New Virtualization Vulnerability Allows Escape To Hypervisor Attacks”, www.darkreading.com (June 2012); BlackBerry “file sharing authentication bypass vulnerabilities” and “escalation of privilege vulnerability”, www.blackberry.com (BSRT-2014-006).
In fact, reports of massive and costly data breaches occurring long after the existing art was introduced indicate the need for an advanced data-separation method to thwart these successful attacks. Since 2013, massive attacks attributed to successful endpoint phishing, which allowed the exploits to gain extensive enterprise and government network data, occurred at the U.S. Office of Personnel Management, U.S. Department of Homeland Security, JPMorgan Chase, Target stores, the Home Depot, and Anthem Healthcare, among numerous others. These share the common vulnerability that the access network was not “locked down” as a true intranet whereby only authorized URLs were accessible, because to have done so would have seriously hindered usability. Consequently, the successful attack gained sufficient user privileges to ultimately access the target enterprise network and cause harm that, at times, has cost a victim over $250 million.
It is apparent that a method is desirable to provide absolute data-segment separation at the endpoint so that, on the one hand, the appropriate network data can be locked down, while on the other hand, the user retains the flexibility not only to perform general employment functions in the same computer, but also to engage in personal activity without the threat that the user will inadvertently introduce malware able to migrate to network access.
The present invention, through hardware separated operating systems (HSOS's), advances the art to create absolute data separation between the created independent OS's, both to prevent cross-contamination between OS's and to do so without restricting typical, wide-ranging usability.
In a preferred embodiment for combining use for business enterprise and personal activity where the enterprise data includes access to sensitive network data, the embodiment provides for three OS's whereby (1) one OS is used for access to a locked-down, restricted network, (2) a second OS is used for general enterprise activity such as business research or receipt of emails from untrusted but seemingly legitimate sources (a method typically used in phishing attacks) and (3) a third OS purely for personal use. In this embodiment, the network data cannot be accessed even if the phishing exploit deceives the user into allowing access to all data in the second OS or third OS.