
Random Write Virus lock out

IP.com Disclosure Number: IPCOM000030924D
Original Publication Date: 2004-Sep-01
Included in the Prior Art Database: 2004-Sep-01
Document File: 1 page(s) / 5K

Publishing Venue

IBM

Abstract

To date, viruses like the Witty virus have been very destructive and hard to stop, since they effectively bypass all protections and write to random sectors on the hardfile. This disclosure addresses that problem and makes the system safe from random disk writes.


In TPM 1.2, there exists an infrastructure to ensure that trusted code is running. This disclosure takes advantage of this infrastructure to lock down the I/O on the planar. It is proposed that when trusted code is running (as documented in the TCG 1.2 and later specifications), a signal from the TPM is generated to all the peripherals on the motherboard (for example, the signal would go to the IDE subsystem).

What is proposed is a new mode in the IDE controller that, when set, only allows writes to the drives while the system is in a trusted mode. If the system is not in a trusted mode, the I/O controller ignores any attempt to access the hardfiles. This defeats the virus, since it is unlikely that an IT organization would allow the virus to run in its trusted mode. In this mode, the device driver for the IDE controller is moved into the NEXUS (today's proposed design does not have device drivers in the NEXUS). Because all writes to the hardfile must then go through this driver, unauthorized accesses to the hardfile are prevented. Since the device driver runs in secure memory and the drive can only be written while in a secure mode, it is much easier to maintain the security of the drive.

This disclosure solves the problem of a virus writing random data onto the hardfile. The idea could also be extended to other devices on the motherboard so that data cannot be transmitted off the motherboard.
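The following C program is an added illustration of the write-gating logic described above; it is not part of the disclosure and does not model any real TPM or IDE controller register interface. It assumes a hypothetical controller with a "write gate" mode bit and a `trusted_mode` input driven by the TPM signal, a small in-memory disk, and an untrusted writer that attempts random-sector writes (the attempt pattern is a constructed deterministic sequence, used only to show that the gate rejects every write while the trusted signal is deasserted and that the disk contents stay unchanged).

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define SECTORS      64   /* constructed toy disk geometry */
#define SECTOR_BYTES 16

/* Hypothetical model of the IDE controller proposed in the disclosure. */
typedef struct {
    bool     write_gate_enabled;   /* the proposed new controller mode bit */
    bool     trusted_mode;         /* level of the TPM "trusted code running" signal */
    uint8_t  disk[SECTORS][SECTOR_BYTES];
    unsigned writes_committed;
    unsigned writes_rejected;
} ide_controller_t;

void ide_init(ide_controller_t *c, bool gate_enabled) {
    memset(c, 0, sizeof *c);
    c->write_gate_enabled = gate_enabled;
    c->trusted_mode = false;       /* power-on: no trust established yet */
}

/* Called when the TPM asserts or deasserts the trusted-mode signal line. */
void tpm_trusted_signal(ide_controller_t *c, bool asserted) {
    c->trusted_mode = asserted;
}

/* Write one sector. Returns 0 on success, -1 if the gate blocked the write,
 * -2 if the LBA is out of range. With the gate enabled, writes are only
 * committed while the trusted signal is asserted; otherwise they are ignored. */
int ide_write_sector(ide_controller_t *c, unsigned lba, const uint8_t *data) {
    if (lba >= SECTORS) return -2;
    if (c->write_gate_enabled && !c->trusted_mode) {
        c->writes_rejected++;
        return -1;                 /* controller ignores the access */
    }
    memcpy(c->disk[lba], data, SECTOR_BYTES);
    c->writes_committed++;
    return 0;
}

/* Simple rolling checksum so a test can show the disk image did not change. */
uint32_t disk_checksum(const ide_controller_t *c) {
    uint32_t h = 0;
    for (unsigned s = 0; s < SECTORS; s++)
        for (unsigned i = 0; i < SECTOR_BYTES; i++)
            h = (h << 5 | h >> 27) ^ c->disk[s][i];
    return h;
}

/* Model of an untrusted writer issuing n writes to pseudo-random sectors.
 * Uses a constructed LCG so the sequence is repeatable; returns how many
 * attempts the controller rejected. */
unsigned random_write_burst(ide_controller_t *c, unsigned n, uint32_t seed) {
    unsigned rejected = 0;
    uint8_t junk[SECTOR_BYTES];
    for (unsigned i = 0; i < n; i++) {
        seed = seed * 1103515245u + 12345u;
        unsigned lba = (seed >> 16) % SECTORS;
        memset(junk, (uint8_t)seed, sizeof junk);
        if (ide_write_sector(c, lba, junk) == -1) rejected++;
    }
    return rejected;
}

int main(void) {
    ide_controller_t c;
    ide_init(&c, true);
    uint32_t before = disk_checksum(&c);

    /* Untrusted code runs first: every random write is dropped. */
    unsigned dropped = random_write_burst(&c, 100, 7);
    printf("untrusted burst: %u of 100 writes rejected, checksum %s\n",
           dropped, disk_checksum(&c) == before ? "unchanged" : "CHANGED");

    /* TPM reports trusted code running: the NEXUS-resident driver may write. */
    tpm_trusted_signal(&c, true);
    uint8_t block[SECTOR_BYTES];
    memset(block, 0xAB, sizeof block);
    printf("trusted write to LBA 3: %s\n",
           ide_write_sector(&c, 3, block) == 0 ? "committed" : "rejected");

    tpm_trusted_signal(&c, false);
    printf("write after trust dropped: %s\n",
           ide_write_sector(&c, 3, block) == 0 ? "committed" : "rejected");
    return 0;
}
```

The two things worth checking are that the gate rejects every write while `trusted_mode` is low (the disk checksum is unchanged after the burst) and that a controller with the gate disabled behaves like a legacy controller, committing all of them; the second case is what the disclosure's new mode is meant to replace.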