
An effective way for updating system image at operating system boot time

IP.com Disclosure Number: IPCOM000032061D
Original Publication Date: 2004-Oct-22
Included in the Prior Art Database: 2004-Oct-22
Document File: 1 page(s) / 12K

Publishing Venue

IBM

Abstract

Disclosed is a method of disk access detection using S.M.A.R.T (Self-Monitoring, Analysis and Reporting Technology) information (for example, power-on count, write count, etc.) and its usage. S.M.A.R.T enables hard disks to monitor their activities, such as power cycle count, power-on hours, throughput, and start/stop count, and to log them. Since only the microcode of a hard disk can write the S.M.A.R.T log, operating systems and applications cannot alter it. Trusted software can therefore detect illegal access to a hard disk that occurred between the last shutdown and the present by monitoring S.M.A.R.T information such as the power-on count or write count.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.


Disclosed is a method of disk access detection by using S.M.A.R.T (Self-Monitoring, Analysis and Reporting Technology) information (for example, power on count, write count etc.) and its usage.

S.M.A.R.T is standardized in the ATA specification and is intended to detect signs of disk failure. It enables hard disks to monitor their activities, such as power cycle count, power-on hours, throughput, and start/stop count, and to log them. Only micro-code in hard disks can access (read/write) the logged information, while operating systems and applications cannot. The disk access detection method relies on this feature. The sequence of disk access detection is as follows.

Step 1. At shutdown, trusted software, which is managed by administrators and cannot be controlled by others, obtains the current power-on count of the hard disk installed in a client machine.

Step 2. The trusted software stores the power-on count value on a server or in local storage. If necessary, the trusted software signs the power-on count information with a digital signature algorithm.

Step 3. At the next boot, the trusted software obtains the current power-on count of the hard disk.

Step 4. The trusted software compares the current power-on count with the previous one (saved in Step 2). If the difference between the two is more than 1, the hard disk of the client machine was accessed not by the trusted software but by other, unknown software. If the difference is equal to 1, it is confirmed that the hard disk was not accessed between the previous shutdown and now.
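Steps 1 to 4 as a runnable sketch; this is an added example, not code from the disclosure. It assumes the power-on count is read as SMART attribute 12 (Power_Cycle_Count) from `smartctl -A` style text, uses HMAC-SHA256 as a stand-in for the "digital signature algorithm" of Step 2, and adds a verdict for a difference below 1, which the disclosure does not cover; all function names and verdict strings are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample of `smartctl -A` attribute rows (not from a real disk).
SAMPLE_SHUTDOWN = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       4211
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1337
"""

def power_cycle_count(smart_table: str) -> int:
    """Steps 1 and 3: return the raw value of SMART attribute 12."""
    for line in smart_table.splitlines():
        fields = line.split()
        if len(fields) >= 10 and fields[0] == "12":
            return int(fields[9])  # RAW_VALUE is the tenth column
    raise ValueError("attribute 12 not present in SMART table")

def seal(count: int, key: bytes) -> str:
    """Step 2: serialize the shutdown count with an integrity tag.
    HMAC is an assumption here; the disclosure only says 'digital signature'."""
    body = json.dumps({"count": count})
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})

def check_at_boot(record: str, current: int, key: bytes) -> str:
    """Step 4: verify the stored record, then compare the two counts."""
    try:
        rec = json.loads(record)
        body, tag = rec["body"], rec["tag"]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        valid = hmac.compare_digest(expected.encode(), tag.encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        return "record-invalid"
    if not valid:
        return "record-invalid"  # stored count was modified or is unreadable
    delta = current - json.loads(body)["count"]
    if delta == 1:
        return "clean"  # only the current boot powered the disk
    if delta > 1:
        return "powered-on-outside-trusted-software"
    return "counter-inconsistent"  # delta < 1: case added by this example
```
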

The following two are examples of this technique.

1. This technique is useful in compliance management. A malicious user who knows passwords of a client machine, a hard disk equipped with the client machine, and an op...